Aggregator

A vulnerability was found in Apache Hop Engine up to 2.7.x. It has been classified as problematic. This affects an unknown part of the component PrepareExecutionPipelineServlet Page. The manipulation of the argument ID leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2024-24683. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Advanced Social Feeds Widget & Shortcode Plugin up to 1.7 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-0951. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PowerPack Lite for Beaver Builder Plugin up to 1.3.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Element Link Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-2289. The attack can be initiated remotely. There is no exploit available.

The U.S. Department of Justice has launched a landmark initiative to block foreign adversaries—including China, Russia, and Iran—from exploiting commercial channels to access sensitive American data. The Data Security Program (DSP), enacted under Executive Order 14117, establishes stringent controls over transactions involving U.S. government-related data and bulk personal information such as genomic, financial, and geolocation […]

The post DoJ Launches Critical National Security Program to Protect Americans’ Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Что может пойти не так, если каждый способен купить любовь по подписке?

Нейросеть выпустили на охоту за секретами других стран. И вот что получилось…

AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to

A chilling new development in the cybersecurity landscape has emerged, as a threat actor has reportedly advertised an alleged zero-day exploit targeting Fortinet’s FortiGate firewalls on a prominent dark web forum. This exploit purportedly enables unauthenticated remote code execution (RCE) and full configuration access to FortiOS, unlocking the potential for attackers to seize control of […]

The post FortiGate 0-Day Exploit Allegedly Up for Sale on Dark Web appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

英国高级警官呼吁禁止 16 岁以下儿童使用社交媒体，称社媒推动和助长了犯罪。四名高级警官称，为了公共安全、国家安全和年轻一代的心理健康，有必要进一步控制社媒平台。Sarah Crew 称社媒平台让儿童面临被剥削和虐待的风险。她说今天的社媒平台就像 1850 年代的美国西部，快速扩张但没有监管和执法。负责反恐的 Matt Jukes 指出，去年因恐怖主义犯罪而被捕的人中有 20% 是儿童，他表示恐怖组织能通过社媒激进化年代一代。至于英国政府是否会考虑禁止儿童使用社交媒体，内政大臣 Yvette Cooper 早些时候对此表示，没有什么是不可以讨论的。

美国网络司令部新任代理司令向美国国会发表立场声明

电商运营受影响近3个月

速修复

缓解该风险的唯一方法是手动验证程序包名称，并永远不要假设由AI生成的代码片段中提到的程序包是真实安全的。

上周关注度较高的产品安全漏洞(20250407-20250413)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞317个，其中高危漏洞146个、中危漏洞142个、低危漏洞29个。

上周关注度较高的产品安全漏洞(20250407-20250413)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞317个，其中高危漏洞146个、中危漏洞142个、低危漏洞29个。

你的安全设备日志每天记录着数十次勒索攻击告警，渗透测试报告显示"无高危漏洞"，年度攻防演练全员通过考核——这些数字是否让你产生了错误的安全确信？

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

不要看一个人是怎么说的，要看他是怎么做的。