Aggregator

A vulnerability was found in Elementor Website Builder Plugin up to 3.29.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-50555. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in SpecFit-Virtual Try On Woocommerce Plugin up to 7.0.5 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-23973. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Ultra Addons for Contact Form 7 Plugin up to 3.5.11/3.5.19 on WordPress. It has been classified as problematic. This affects the function ajax_get_table_data of the component Database Module. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-6212. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Modern Design Library Plugin up to 1.1.4 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Class leads to cross site scripting. This vulnerability is handled as CVE-2025-5842. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in WProyal Royal Elementor Addons Plugin up to 1.7.1024 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5338. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Bulk YouTube Post Creator Plugin up to 1.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-49423. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Woocommerce Line Notify Plugin up to 1.1.7 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-30972. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in FormLift for Infusionsoft Web Forms Plugin up to 7.5.20 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-47654. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in School Management Plugin up to 92.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-47574. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Smart Notification Plugin up to 10.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-39478. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in FastBook Plugin up to 1.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-25173. The attack can be launched remotely. There is no exploit available.

Trend Micro launched Scam Radar, a new feature within the Trend Micro ScamCheck app. Scam Radar offers real-time protection by identifying scam tactics utilized by cybercriminals as they happen, alerting users early and empowering them to take action before any harm is done. A recent study by Trend Micro found that 30% of consumers reported having been a victim of an online scam and 39% of victims did not even realize they had been scammed … More →

The post Trend Micro Scam Radar analyzes different communications methods used by scammers appeared first on Help Net Security.

当前网络环境出现异常问题,需完成验证操作后方可继续访问。

当前环境异常，请完成验证以继续访问。

Sitecore被部署在数千个环境中，包括银行、航空公司和全球企业，影响广泛。

能源行业正经历一场前所未有的安全变革。随着“双碳”目标推进，风电、光伏等新能源并网规模激增，电力物联网、油气管网智能化改造加速，传统封闭隔离的安全防护模式正被彻底打破。面对高级持续性威胁（APT）、勒索软件等新型攻击手段的严峻挑战，能源行业正加速构建以主动防御、AI智能监测、韧性保障为核心的新型安全体系，通过零信任架构等创新技术手段，打造更高效、更可靠的网络安全防护能力。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，当前能源行业的安全建设正从基础防护向“业务安全与生产安全并重”转变。过去能源行业主要关注工控系统的基础隔离与合规要求，如今更强调攻击溯源、实时监测、生产业务零中断等高阶能力。此外，托管式安全运营服务正助力中小能源企业实现专业化、集约化的安全防护。 基于这些发现，我们将重点展示几个具有代表性的能源行业优秀安全解决方案，为能源行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编

In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also shares practical strategies for working with third-party partners and preparing for the next wave of automation. What unique cybersecurity challenges arise from smart warehouse systems and industrial control systems? Smart warehouses incorporate a … More →

The post Building cyber resilience in always-on industrial environments appeared first on Help Net Security.

A vulnerability was found in HYDRO Plugin up to 2.8 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-31428. It is possible to launch the attack remotely. There is no exploit available.

一群图书作者起诉社交巨人，指控其未经许可盗版了数百万册受版权保护的书籍去训练其大模型 Llama。旧金山联邦法官 Vince Chhabria 周三裁定，Meta 使用书籍训练大模型受到了版权法合理使用的保护。但他强调，做出这一裁决更多是因为原告未能有效提供证据证明其指控。Meta 辩解称大模型无法复制版权材料，它就像人读完一本书之后能总结该书的信息，包括模仿写作风格，但不会一模一样复制。原告未能反驳 Meta 这一抗辩。为训练 Llama，Meta 被发现从盗版电子书库下载了逾百 TB 的电子书。

一群图书作者起诉社交巨人，指控其未经许可盗版了数百万册受版权保护的书籍去训练其大模型 Llama。旧金山联邦法官 Vince Chhabria 周三裁定，Meta 使用书籍训练大模型受到了