Aggregator

A vulnerability classified as problematic has been found in Concrete CMS up to 8.5.15/9.2.7. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-3180. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Concrete CMS up to 8.5.15/9.2.7. Affected by this vulnerability is an unknown functionality of the component Custom Class Page. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-3179. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Concrete CMS up to 8.5.15/9.2.7. It has been declared as critical. This vulnerability affects unknown code of the component Search Field. The manipulation leads to os command injection. This vulnerability was named CVE-2024-3181. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in devitemsllc ShopLentor Plugin up to 2.8.3 on WordPress. This affects an unknown part. The manipulation of the argument slitems leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2868. It is possible to initiate the attack remotely. There is no exploit available.

亚马逊EC2 SSM Agent漏洞可提权执行任意代码，已紧急修复。

WhatsApp addressed a flaw, tracked as CVE-2025-30401, that could allow attackers to trick users and enable remote code execution. WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution. The spoofing flaw impacts WhatsApp for Windows before version 2.2450.6. An attacker could […]

美国公司 Colossal Biosciences 宣布复活了一种灭绝的物种——恐狼。Colossal 公司声称，3 只基因编辑灰狼幼崽——10 月出生的两只公狼 Remus 和 Romulus，1 月出生的一只母狼 Khaleesi，后者实际上是恐狼。恐狼是一种已灭绝的大型犬科动物，曾生活在美洲地区，直到大约 1 万年前灭绝。这些动物看起来像披着白大褂的大型狼。它们因电视剧《权力的游戏》而广为人知，Khaleesi（卡丽熙）就以剧中主角的名字命名。灰狼和恐狼由于外观的相似性被认为是近亲，但 2021 年一项古 DNA 研究显示，它们最后一个共同祖先生活在大约 600 万年前。胡豺、非洲野犬、红豺与灰狼的关系都比二者更密切。Colossal 公司声称，仅仅通过 20 个基因编辑就把灰狼变成了恐狼。Shapiro 表示，事实上这 20 个基因编辑中，5 个是基于已知的能让灰狼产生浅色皮毛的突变；15 个直接基于恐狼基因组，旨在改变它的体形、肌肉组织和耳朵形状。“弄清楚它们是否对基因编辑动物产生了预期效果，还需要一年左右。”

The malware's creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise.

NASCAR Allegedly Targeted by MEDUSA Ransomware Group

A vulnerability classified as critical has been found in Apple iCloud up to 7.12/10.5 on Windows. This affects an unknown part of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2019-8689. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

You can now deploy static sites and full-stack applications on Cloudflare Workers. Framework support for React Router v7, Astro, Vue and more are generally available today and Cloudflare Vite plugin.

A vulnerability has been found in HPE Virtual Intranet Access up to 4.7.0 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-25041. The attack needs to be approached locally. There is no exploit available.

海蟾蜍是原产于中美洲及南美洲一种热带地区陆生的蟾蜍，有毒腺，蝌蚪对于大部分动物也有剧毒。它们被引入到包括澳大利亚在内的多国去控制害虫，它们的繁殖能力很强，由于没有天敌反而成为了害虫及入侵物种。现在澳大利亚麦考瑞大学的研究人员找到了一种控制方法，海蟾蜍的蝌蚪能吞食同类，研究人员创造出转基因海蟾蜍，让它们永远不会长大，保持在蝌蚪状态去吞食同类。研究人员移除了控制甲状腺激素产生的基因，甲状腺素推动了蝌蚪转变为蟾蜍的过程。基因编辑后的蝌蚪比普通蝌蚪更大，吃的卵是普通蝌蚪的三倍。目前澳大利亚北部有逾 2 亿只海蟾蜍，它们的数量会迅速增加，雌性蟾蜍一次产卵多达 30,000 枚，每年能繁殖两次。如何控制海蟾蜍是一大难题。

Jit has launched its new AI agents to offload specific and tedious tasks from AppSec teams such as creating risk assessments, threat models, and compliance reports; while making it easy to take action on mitigating security risk. As a result, AppSec teams can keep pace with the risks that are being introduced faster than ever due to AI code-generation tools. “With the rise of AI coding assistants accelerating development speed — security teams simply can’t … More →

The post Jit launches AI agents to ease AppSec workload appeared first on Help Net Security.

Traditional security fails with AI systems. Discover Microsoft's RAI Maturity Model and practical steps to advance from Level 1 to Level 5 in AI security governance.

The post What Microsoft Knows About AI Security That Most CISOs Don’t? appeared first on Security Boulevard.

No-code and low-code platforms offer undeniable benefits. But when security is an afterthought, organizations risk deploying vulnerable applications that expose sensitive data and critical systems.

The Cloudflare Vite plugin integrates Vite, one of the most popular build tools for web development, with Workers runtime. Today, we announce the 1.0 release and official support for React Router v7.