Aggregator

Почему разработку уже называют самым опасным инфостилером 2025 года?

Smartwatches, glucose sensors, and connected drug-monitoring devices are common in care programs. Remote monitoring helps detect changes early and supports personalized treatment and long-term condition management. They give clinicians valuable insight into patient health but also introduce new exposure points. As more care shifts outside hospital walls, sensitive information crosses networks that few organizations can see end to end. Security leaders are paying attention. “Consider the devastating consequences of bad actors attacking remote patient monitoring … More →

The post Your wearable knows your heartbeat, but who else does? appeared first on Help Net Security.

这篇Phrack 72上的文章就像一部网络安全界的“谍战大片”，是来自匿名黑客（或黑客组织）的战果展示和深度剖

Currently trending CVE - Hype Score: 1 - Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an ...

A vulnerability categorized as problematic has been discovered in Beaver Builder Plugin up to 2.9.2.1 on WordPress. This issue affects some unknown processing. The manipulation of the argument auto_play results in cross site scripting. This vulnerability is reported as CVE-2025-8427. The attack can be launched remotely. No exploit exists.

A vulnerability was found in MxChat Plugin up to 2.4.6 on WordPress. It has been rated as critical. This vulnerability affects the function mxchat_handle_chat_request of the component PDF Handler. The manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2025-10705. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Feedzy RSS Aggregator Plugin up to 5.1.0 on WordPress. It has been declared as critical. This affects the function feedzy_sanitize_feeds. Executing manipulation can lead to server-side request forgery. This vulnerability is registered as CVE-2025-11128. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in tagDiv Cloud Library Plugin up to 3.9 on WordPress. It has been classified as problematic. Affected by this issue is some unknown functionality. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-62032. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in UDesign Core Plugin up to 4.14.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-62051. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in WPCasa Plugin up to 1.4.1 on WordPress and classified as problematic. Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-62043. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in TheGem Theme Elements for WPBakery Plugin up to 5.10.5.1 on WordPress. This impacts an unknown function. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-62044. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in tagDiv Composer Plugin up to 5.4.1 on WordPress. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-62030. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic was found in Simple Stripe Plugin up to 0.9.17 on WordPress. The impacted element is an unknown function. Executing manipulation can lead to cross-site request forgery. The identification of this vulnerability is CVE-2025-48085. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in wpNamedUsers Plugin up to 0.5 on WordPress. The affected element is an unknown function. Performing manipulation results in cross-site request forgery. This vulnerability was named CVE-2025-48083. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in Block Country Plugin up to 1.0 on WordPress. Impacted is an unknown function. Such manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-48077. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in replyMail Plugin up to 1.2.0 on WordPress. This issue affects some unknown processing. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2025-31029. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Slick Google Map Plugin up to 0.3 on WordPress. This vulnerability affects unknown code. The manipulation results in cross-site request forgery. This vulnerability is known as CVE-2025-48078. It is possible to launch the attack remotely. No exploit is available.

ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several European defense contractors, including firms deeply involved in drone and UAV development, which may point to a connection with Pyongyang’s push to expand its drone capabilities. According to ESET, the attackers went after three defense companies in Central and Southeastern Europe, likely gaining initial access through carefully crafted social engineering lures. … More →

The post How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector appeared first on Help Net Security.

Anthropic запустила ИИ для ускорения научных открытий.

A vulnerability was found in Bagisto up to 2.3.7. It has been classified as critical. The affected element is an unknown function of the component Product Description Handler. Performing manipulation results in code injection. This vulnerability is identified as CVE-2025-62416. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.