Aggregator

A vulnerability, which was classified as problematic, has been found in Ultimate Addons for Beaver Builder Plugin up to 1.5.7 on WordPress. Affected by this issue is some unknown functionality of the component Info Table Widget. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-2142. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in funboot 1.1 and classified as problematic. This vulnerability affects unknown code of the component Create a Message. The manipulation of the argument Title leads to cross site scripting. This vulnerability was named CVE-2024-29278. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Favorites Plugin up to 2.3.3 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-2948. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in PowerPack Addons for Elementor Plugin up to 2.7.17 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument _html_tag leads to cross site scripting. This vulnerability is handled as CVE-2024-2491. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in PowerPack Addons for Elementor Plugin up to 2.7.18 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Twitter Tweet Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-2492. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Forminator Plugin up to 1.29.0 on WordPress. This affects an unknown part of the component File Upload. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-1794. It is possible to initiate the attack remotely. There is no exploit available.

Seal Security launched Seal Base Images, a solution designed to future-proof containerized applications. Seal Base Images delivers secure, continuously updated, and vulnerability-free base images, effectively eliminating up to 99% of potential future vulnerabilities. Standard container base images frequently contain unpatched vulnerabilities, creating significant security risks. Slow and inconsistent patching processes, coupled with unclear SBOMs, leave applications exposed. Seal Base Images directly addresses these challenges by providing hardened, reliably maintained base images with fast, consistent vulnerability … More →

The post Seal Base Images mitigates container vulnerabilities appeared first on Help Net Security.

由 150 余名神经科学家参与的“大脑皮层网络机器智能”（MICrONS）项目发表十篇论文，公布了迄今最详尽的哺乳动物大脑连接图谱。根据一粒沙大小的脑区就能绘制神经元连接、形态与功能图谱不仅是一项科学奇迹，更是迈向理解思维、情感和意识神秘起源的关键一步。美国贝勒医学院科学家首先利用专门的显微镜，记录了小鼠视觉皮层一立方毫米区域在观看各种电影和视频片段时的大脑活动。随后，艾伦研究所的研究人员取下这一立方毫米的大脑组织，将其切成25000多层，每层厚度仅为人类发丝的1/400，并使用一系列电子显微镜对每一层进行高分辨率成像。最后，普林斯顿大学的另一个团队利用人工智能和机器学习技术，将这些细胞和连接重建为三维图像。结合大脑活动记录，研究团队绘制出迄今最大的大脑连接图谱和功能图谱，其中包含20多万个细胞、4公里长的轴突（延伸至其他细胞的分支）以及5.23亿个突触（细胞间的连接点）。该连接图谱及其数据现可通过 MICrONS Explorer 免费获取。其数据量达1.6拍字节。

Google 宣布了第七代 TPU 处理器 Ironwood。TPU 代表 Tensor Processing Unit，是 Google 内部开发的专门用于加速机器学习的 ASIC 处理器。第一代 TPUv1 于 2016 年推出。TPU v7(Ironwood)据报道是专门为满足推理等大模型新兴需求而设计的。Google 最新的大模型 Gemini 2.5 运行在上一代的 TPU v6（Trillium）上，Google 表示 Ironwood 更高的推理速度和效率将为更多的突破奠定了基础。Ironwood 的峰值吞吐量为 4,614 TFLOPs。

Чтобы объяснить атрибутивную модель доступа (ABAC), ребята из RooX начали сочинять фантастический роман.

Agentic AI is transforming business. Organizations are increasingly integrating AI agents into core business systems and processes, using them as intermediaries between users and these internal systems. As a result, these organizations are improving efficiency, automating routine tasks, and driving innovation. But these benefits come at a cost.  AI agents rely on APIs to access [...]

The post The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access appeared first on Wallarm.

The post The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access appeared first on Security Boulevard.

A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to force firewalls into repeated reboots using maliciously crafted packets. Tracked as CVE-2025-0128, the flaw impacts SCEP (Simple Certificate Enrollment Protocol) authentication and poses significant risks to unpatched systems. The vulnerability, CVE-2025-0128, enables unauthenticated attackers to disrupt network operations by sending a single […]

The post PAN-OS DoS Vulnerability Allows Attackers to Force Repeated Firewall Reboots appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Пентагон инвестирует триллионный бюджет в цифровизацию поля боя.

Firefox Application Security Team 安全团队在其博客 Attack & Defense 上发表文章，介绍了在加固 Firefox 前端上所做的工作。Firefox 的大部分 UI 是使用标准 Web 技术如 HTML、CSS 和 JavaScript 实现的，这么做的好处是可以在所有桌面操作系统上使用浏览器引擎渲染前端，缺陷是容易受到注入攻击。最常见的注入攻击是跨站脚本（Cross-Site Scripting 简写 XSS）攻击。为缓解 Firefox UI 的 XSS 和其它注入攻击，安全团队重写了逾 600 个 JavaScript 事件处理程序。这些代码将应用于 Firefox 下一个版本 v138(目前的稳定版本是 Firefox 137)。安全团队表示通过消除一整类攻击类型，他们大幅提高了攻击者利用 Firefox 的门槛。

The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 – Core Update 193. This landmark update introduces cutting-edge post-quantum encryption capabilities for IPsec tunnels, along with extensive system upgrades to bolster security, performance, and hardware optimization for the long term. Post-Quantum Cryptography for a More Secure Future In a major step forward […]

The post Linux Firewall IPFire 2.29 Launches with Post-Quantum Encryption and System Enhancements appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

4月26日，我们北京见，欢迎报名！

4月26日，我们北京见，欢迎报名！

Keysight Technologies announces the Next-Generation Embedded Security Testbench, a consolidated and scalable test solution designed to address the increasing complex security testing demands of modern chips and embedded devices. This new solution offers enhanced flexibility, reduces test setup complexities, and improves the reliability and repeatability of critical security evaluations. The proliferation of connected devices and the escalating sophistication of security threats create significant challenges for developers and security labs. Traditional security testing often involves cumbersome … More →

The post Keysight simplifies security testing for modern chips and embedded devices appeared first on Help Net Security.