Aggregator

前言PHP 作为广泛使用的服务端语言，其灵活的内置类（如 DOMDocument）和文件操作机制（.ini、.inc 的自动加载），为攻击者提供了天然的隐蔽通道。通过 动态函数拼接、反射调用、加密混淆 和 伪命名空间 等手法，恶意代码得以“寄生”于正常的业务逻辑中，甚至借助析构函数、自动加载等机制实现 无文件化触发。这种“隐写术”般的攻击方式，不仅挑战了传统检测技术的边界，也对开发者和安全团队提出

A vulnerability, which was classified as problematic, was found in Brady Vercher Cue Plugin up to 2.4.4 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-31787. It is possible to initiate the attack remotely. There is no exploit available.

智能家居设备暗藏安全危机，黑客可窃听操控！

A vulnerability, which was classified as problematic, has been found in Astoundify WP Modal Popup with Cookie Integration Plugin up to 2.4 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-31772. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Neteuro Turisbook Booking System Plugin up to 1.3.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-31803. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Publitio Plugin up to 2.1.8 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-31799. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in ExpressTech Systems Gutena Kit Plugin up to 2.0.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-31805. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in DraftPress Follow Us Badges Plugin up to 3.1.11 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-31804. The attack can be initiated remotely. There is no exploit available.

Currently trending CVE - Hype Score: 1 - The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the ...

NHL CISO David Munroe outlines how the league protects critical infrastructure across public arenas and streaming platforms. He details the league's use of cloud and AI tools, and highlights the importance of cloud governance, AI-powered defenses and user education in mitigating risk.

Attacker With Project Access Could Have Retrieved Private Images, Researchers Said
Google has fixed Google Cloud Platform vulnerability attackers could have exploited to gain unauthorized access to private container images, due to access restriction shortcomings. Researchers said the flaw highlights how services built atop other services can pose unexpected security risks.

AI Giant Eyes Expansion Amid Structural Challenges
OpenAI on Monday closed a record $40 billion funding round, valuing it at $300 billion. SoftBank led with $30 billion, joined by Microsoft and others. Operational shifts accompanied OpenAI's expansion. CEO Sam Altman announced stepping back from daily operations to focus on innovation.

Authors/Presenters: Sven Cattell

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Keynotes – Day One: “Secure AI” Is 20 Years Old appeared first on Security Boulevard.

使用tabby分析rome反序列化链

​North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. [...]

The bill will allow Japan to implement safeguards and strategies that have been in use by other countries for some time.

The security vendor counters that none of the information came directly from its systems but rather was acquired over a period of time by targeting individuals.

Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.  Researchers at Microsoft’s Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers.  The vulnerability is an out-of-bounds issue that resides in certain printer drivers for […]