Aggregator

2025年4月16日，深瞳漏洞实验室监测到一则Oracle E-Business Suite组件存在代码执行漏洞的信息，漏洞编号：CVE-2025-30727，漏洞威胁等级：严重。

DOGE залез в систему — хакеры влезли следом.

HackerNews 编译，转载请注明出处： 某非法论坛上名为”beltway”的新注册账号声称，其于2025年4月从武田制药官网Takeda.com导出约200万条用户信息。该威胁者表示：”我们现公开出售该数据集，起拍价7.5万美元，数据仅售一次。武田官网工作人员已联系我要求下架。” 威胁者提供了部分数据样本，据称包含大量敏感信息。样本内容显示个人身份信息、职业详情及内部系统标识符混杂存在，疑似来自CRM或数据管理系统（多次提及Veeva平台）。 样本清单包含： 姓名 电子邮箱 电话号码 职位头衔 组织隶属关系 各类系统数据（ID编号、联系数据、记录状态字段等） 日本最大制药企业武田制药（创立于1781年，市值450亿美元）尚未确认或否认该指控，也未向投资者发布相关信息。公司发言人表示：”武田高度重视数据与隐私安全。我们已知晓关于企业官网Takeda.com可能存在数据泄露的指控，已启动内部调查并评估其真实性。” 网络安全研究员Neringa Macijauskaitė分析称：”样本仅包含少量用户数据，难以验证真伪。不过Veeva系统确为生物医药行业常用CRM平台。”样本中提及的”医生”和”药师”字段显示数据可能涉及客户而非内部员工，包含医疗行业典型的客户追踪属性（专业资质、同意书状态、区域划分等）。 若数据泄露属实，受影响客户将面临商业电子邮件入侵（BEC）诈骗的高风险。Macijauskaitė警告：“详细的职业信息（如CEO、医生等头衔）可使钓鱼邮件更具针对性，伪造成可信医药公司索取敏感凭证。” 值得关注的是，成熟网络犯罪组织通常避免发布未经证实的信息。但近期虚假指控激增，如Babuk2黑客组织此前散布的伪造勒索声明。     消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released nine new advisories detailing severe vulnerabilities in widely-used Industrial Control Systems (ICS) products. These advisories, published on April 15, 2025, urge immediate action from operators and administrators overseeing critical infrastructure. Below are the key highlights from each advisory: Nine Industrial Control Systems Advisories 1.Siemens Mendix […]

The post CISA Issues 9 New ICS Advisories Addressing Critical Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in HT Mega Plugin up to 2.4.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument titleTag leads to cross site scripting. This vulnerability is known as CVE-2024-1397. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Shariff Wrapper Plugin up to 4.6.10 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-1450. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Easy Social Feed Plugin up to 6.5.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-1213. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Sky Addons for Elementor Plugin up to 2.4.0 on WordPress. It has been classified as problematic. This affects an unknown part of the component Wrapper Link URL Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2286. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Easy Social Feed Plugin up to 6.5.4 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-1278. The attack may be initiated remotely. There is no exploit available.

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

对美国挑战大于机遇，对中国机遇大于挑战。

公司明确表示仍在继续提供病患护理服务

攻击始于从被入侵的合法账户（通常属于受信任的个人或组织）发送的看似无害的电子邮件。

Группа молчала целый год, а теперь триумфально возвращается с новыми инструментами.

2025年4月16日，绿盟科技CERT监测到Oracle官方发布了4月重要补丁更新公告CPU，此次共修复了390个不同程度的漏洞，Oracle强烈建议客户尽快应用关键补丁更新修复程序，对漏洞进行修复。

2025年4月16日，绿盟科技CERT监测到Oracle官方发布了4月重要补丁更新公告CPU，此次共修复了390个不同程度的漏洞，Oracle强烈建议客户尽快应用关键补丁更新修复程序，对漏洞进行修复。

小红书上多元长尾的生活需求，吸引着新一代的独立开发者们。

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database

Учёные раскрыли ароматический код человеческих отношений.

Meta нашла способ легализовать массовый сбор данных пользователей.