Aggregator

智能家居设备暗藏安全危机，黑客可窃听操控！

A vulnerability, which was classified as problematic, has been found in Astoundify WP Modal Popup with Cookie Integration Plugin up to 2.4 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-31772. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Neteuro Turisbook Booking System Plugin up to 1.3.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-31803. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Publitio Plugin up to 2.1.8 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-31799. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in ExpressTech Systems Gutena Kit Plugin up to 2.0.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-31805. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in DraftPress Follow Us Badges Plugin up to 3.1.11 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-31804. The attack can be initiated remotely. There is no exploit available.

Currently trending CVE - Hype Score: 1 - The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the ...

NHL CISO David Munroe outlines how the league protects critical infrastructure across public arenas and streaming platforms. He details the league's use of cloud and AI tools, and highlights the importance of cloud governance, AI-powered defenses and user education in mitigating risk.

Attacker With Project Access Could Have Retrieved Private Images, Researchers Said
Google has fixed Google Cloud Platform vulnerability attackers could have exploited to gain unauthorized access to private container images, due to access restriction shortcomings. Researchers said the flaw highlights how services built atop other services can pose unexpected security risks.

AI Giant Eyes Expansion Amid Structural Challenges
OpenAI on Monday closed a record $40 billion funding round, valuing it at $300 billion. SoftBank led with $30 billion, joined by Microsoft and others. Operational shifts accompanied OpenAI's expansion. CEO Sam Altman announced stepping back from daily operations to focus on innovation.

Authors/Presenters: Sven Cattell

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Keynotes – Day One: “Secure AI” Is 20 Years Old appeared first on Security Boulevard.

使用tabby分析rome反序列化链

​North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. [...]

The bill will allow Japan to implement safeguards and strategies that have been in use by other countries for some time.

The security vendor counters that none of the information came directly from its systems but rather was acquired over a period of time by targeting individuals.

Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.  Researchers at Microsoft’s Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers.  The vulnerability is an out-of-bounds issue that resides in certain printer drivers for […]

Simbian, under the leadership of CEO Ambuj Kumar, is hosting an innovative AI Hackathon on April 8, 2025., and participation is limited.

The post When AI Fights Back: Simbian’s 2025 Hackathon Challenges Humans to Outsmart the Machines appeared first on Security Boulevard.

Внутренние конфликты, заблокированные статьи и страх утечек парализуют исследовательскую свободу.