Вам пришел SVG-файл? Не открывайте. Это новая фишинговая атака Tykit, нацеленная на пользователей Microsoft
За безобидным вложением скрывается многоступенчатая ловушка, которую не распознают классические антивирусы.
Aggregator
RALord
3 months 3 weeks ago
You must login to view this content
cohenido
新德里空气污染水平创五年新高
3 months 3 weeks ago
本周新德里的空气污染达到了五年以来的最高水平,排灯节(又名光明节)烟花和农田焚烧共同作用,让这座城市笼罩在有毒雾霾之中。本周德里部分地区的 AQI 指数超过 500,还有部分地区的 PM2.5 和 PM10 浓度峰值达到 1800,比 WHO 认定的健康水平高 20 倍。为了减少空气污染,自 2020 年以来德里禁止在排灯节期间出售和燃放烟花,但今年初执政的民族主义政党印度人民党(BJP)向最高法院申请放宽禁令,称需要在传统和环保之间取得平衡,允许燃放“绿色烟花”——此类烟花比传统烟花的污染排放降低约 30%。法官批准了人民党的要求。于是本周的排灯节烟花推动空气污染达到了五年以来的最高水平。
第135篇:美国APT的苹果手机"三角测量"行动是如何被溯源发现的
3 months 3 weeks ago
Русский след — фальшивка? Касперский вскрыл 2-летний шпионаж Китая
3 months 3 weeks ago
Внутри утилит PassiveNeuron обнаружилось больше улик, чем разработчики собирались оставить.
CVE-2025-59593 | Colibri Page Builder Plugin prior 1.0.334 on WordPress cross site scripting
3 months 3 weeks ago
A vulnerability was found in Colibri Page Builder Plugin on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. Performing manipulation results in cross site scripting.
This vulnerability is identified as CVE-2025-59593. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-60135 | WeShare Buttons Plugin up to 13.0.0 on WordPress cross site scripting
3 months 3 weeks ago
A vulnerability classified as problematic has been found in WeShare Buttons Plugin up to 13.0.0 on WordPress. This affects an unknown function. Performing manipulation results in cross site scripting.
This vulnerability is reported as CVE-2025-60135. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-60168 | HotelRunner Booking Widget Plugin up to 1.6 on WordPress cross-site request forgery
3 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in HotelRunner Booking Widget Plugin up to 1.6 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation results in cross-site request forgery.
This vulnerability is known as CVE-2025-60168. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-60134 | WP Media Categories Plugin up to 2.1.0 on WordPress cross-site request forgery
3 months 3 weeks ago
A vulnerability has been found in WP Media Categories Plugin up to 2.1.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross-site request forgery.
This vulnerability is handled as CVE-2025-60134. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-60132 | Video Blogster Lite Plugin up to 1.2 on WordPress cross-site request forgery
3 months 3 weeks ago
A vulnerability was found in Video Blogster Lite Plugin up to 1.2 on WordPress and classified as problematic. This affects an unknown part. Such manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2025-60132. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-60131 | Werk aan de Muur Plugin up to 1.5 on WordPress cross site scripting
3 months 3 weeks ago
A vulnerability was found in Werk aan de Muur Plugin up to 1.5 on WordPress. It has been classified as problematic. This vulnerability affects unknown code. Performing manipulation results in cross site scripting.
This vulnerability was named CVE-2025-60131. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-60176 | WP Tesseract Plugin up to 1.0.2 on WordPress cross site scripting
3 months 3 weeks ago
A vulnerability was found in WP Tesseract Plugin up to 1.0.2 on WordPress. It has been declared as problematic. This issue affects some unknown processing. Executing manipulation can lead to cross site scripting.
The identification of this vulnerability is CVE-2025-60176. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-59007 | tf-woo-product-grid Plugin up to 1.0.1 on WordPress deserialization
3 months 3 weeks ago
A vulnerability marked as critical has been reported in tf-woo-product-grid Plugin up to 1.0.1 on WordPress. This issue affects some unknown processing. This manipulation causes deserialization.
This vulnerability is tracked as CVE-2025-59007. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-60151 | WP Gravity Forms HubSpot Plugin up to 1.2.5 on WordPress redirect
3 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in WP Gravity Forms HubSpot Plugin up to 1.2.5 on WordPress. This impacts an unknown function. The manipulation results in open redirect.
This vulnerability is reported as CVE-2025-60151. The attack can be launched remotely. No exploit exists.
vuldb.com
TransparentTribe targets Indian military organisations with DeskRAT
3 months 3 weeks ago
这篇文章描述了TransparentTribe(APT36)针对印度政府Linux系统的钓鱼活动,利用DeskRAT远程控制木马通过ZIP附件和DESKTOP文件传播。攻击链包括下载恶意有效载荷、执行并打开诱饵PDF文档。C2服务器使用WebSocket通信,并具备现代化的控制界面和远程文件探索功能。
美国或进一步升级对我国出口“关键软件”限制;CMC最新调查:捷豹路虎网络攻击事件已让英国损失超180亿元 | 牛览
3 months 3 weeks ago
当前环境出现异常,请完成验证后继续访问。
构建“纵深防御”逻辑下的全维度私有云安全能力!《私有云云原生安全技术与应用研究(2025版)》报告发布(附下载二维码)
3 months 3 weeks ago
当前环境异常,请完成验证后继续访问。
Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial of Service Attacks
3 months 3 weeks ago
The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780, primarily impact recursive resolvers used by organizations for domain name resolution, leaving authoritative […]
The post Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial of Service Attacks appeared first on Cyber Security News.
Guru Baran
5000 块请 AI 看我「上厕所」?科勒这个新产品把美国人整不会了
3 months 3 weeks ago
马桶里的 AI,正凝视你的健康金矿。
On 110 operating systems
3 months 3 weeks ago
curl项目自2022年支持89个操作系统后,在一年内增至100个,并于近期更新至支持110个操作系统。这一成就展现了项目的开放性和跨平台能力。