Aggregator

A vulnerability has been found in loopus WP Attractive Donations System Plugin up to 1.25 on WordPress and classified as critical. This impacts an unknown function. Performing a manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-28115. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ThemeREX Dr.Patterson Plugin up to 1.3.2 on WordPress and classified as critical. The impacted element is an unknown function. Such manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is documented as CVE-2026-28120. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in axiomthemes Nirvana Plugin up to 2.6 on WordPress. It has been rated as critical. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2026-28119. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as critical has been identified in axiomthemes Welldone Plugin up to 2.4 on WordPress. This issue affects some unknown processing. Executing a manipulation can lead to improper control of filename for include/require statement in php program ('php remote file inclusion'). The identification of this vulnerability is CVE-2026-28118. The attack may be launched remotely. There is no exploit available.

速修复

速修复

400 ученых пытаются остановить наше цифровое будущее.

A series of drone strikes on Amazon Web Services data center facilities in the United Arab Emirates and Bahrain triggered one of the most severe cloud outages in AWS history, knocking out or degrading more than 109 services across the ME-CENTRAL-1 region beginning March 1, 2026, and leaving thousands of enterprise customers scrambling to migrate […]

The post AWS Middle East (UAE) Region Hit by Drone Strikes, 109 Services Disrupted appeared first on Cyber Security News.

A vulnerability, which was classified as critical, has been found in Huawei HarmonyOS 6.0.0. This issue affects some unknown processing of the component Print Module. Performing a manipulation results in improper access controls. This vulnerability is reported as CVE-2026-24924. The attack requires a local approach. No exploit exists.

The Federal Bureau of Investigation seized the LeakBase cybercrime forum in an international crackdown led by Europol. The Federal Bureau of Investigation seized the LeakBase cybercrime forum (leakbase[.]la), a platform used to trade hacking tools and stolen data. The action formed part of “Operation Leak,” an international effort coordinated by Europol involving authorities from 14 […]

近日，国家信息安全漏洞库（CNNVD）收到关于Langflow 安全漏洞（CNNVD-202602-4530、CVE-2026-27966）情况的报送。

A vulnerability marked as critical has been reported in Membership Plugin up to 3.2.18/3.2.20 on WordPress. Affected by this issue is the function rcp_setup_registration_init of the component POST Parameter Handler. This manipulation of the argument rcp_level causes missing authorization. This vulnerability is tracked as CVE-2026-1321. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in Page and Post Clone Plugin up to 6.3 on WordPress. Affected by this vulnerability is the function content_clone. The manipulation of the argument meta_key results in sql injection. This vulnerability is identified as CVE-2026-2893. The attack can be executed remotely. There is not any exploit available.

Beazley Security has announced its Exposure Management product, which delivers continuous, automated discovery and intelligence-driven exposure notifications to help security teams accelerate risk mitigation in an era where AI-assisted attackers have compressed the time between vulnerability disclosure, weaponization, and exploitation. The product, validated with clients over the past eight months, is the first in an expanding suite of capabilities targeting internal and external exposures, third-party supplier risks, and leaked credentials that may be available on … More →

The post Beazley Exposure Management platform identifies external exposures and prioritizes cyber risk appeared first on Help Net Security.

Иран привыкает к цифровому средневековью.

Cisco has released a critical security advisory warning of a severe vulnerability in its Secure Firewall Management Center (FMC) Software. This flaw allows an unauthenticated, remote attacker to bypass authentication and execute script files, thereby gaining full root access to the underlying operating system. The vulnerability, tracked as CVE-2026-20079, stems from an improper system process […]

The post Cisco Secure Firewall Management Vulnerability Allow Attackers to Bypass Authentication appeared first on Cyber Security News.

活动时间：2026年3月09日 10点 - 3月18日 18点

LeakBase, an open-web cybercrime forum facilitating the trade of leaked databases and “stealer logs” containing stolen credentials, has been taken down in an international law enforcement operation coordinated by Europol and involving authorities from 14 countries. Police in action (Source: Europol) Active since 2021, LeakBase hosted a large archive of breached databases and compromised credentials used to facilitate account takeover, fraud and further cyber intrusions. By December 2025, the forum had more than 142,000 registered … More →

The post LeakBase cybercrime forum with 142,000 users taken down in global operation appeared first on Help Net Security.

当所有人都在卷算力的时候，理想汽车开始卷「数学定律」了。