Aggregator

While phishing has evolved, email security hasn't kept up. Attackers now bypass MFA & detection tools with advanced phishing kits, making credential theft harder to prevent. Learn how Push Security's browser-based security stops attacks as they happen. [...]

A vulnerability was found in Sonaar MP3 Audio Player for Music, Radio & Podcast Plugin up to 5.5 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function sonaar_audioplayer of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-5664. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Auth0 Login Plugin up to 4.6.0 on WordPress. This affects an unknown part. The manipulation of the argument wle leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-6813. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Webmin. This issue affects some unknown processing of the component Ajaxterm Module. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-36452. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Webmin and Usermin and classified as problematic. Affected by this vulnerability is an unknown functionality of the file session_login.cgi. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-36453. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Webmin and classified as problematic. Affected by this issue is some unknown functionality of the file sysinfo.cgi. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-36450. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in FULL Plugin up to 3.1.12 on WordPress. Affected is an unknown function of the component Parameter Handler. The manipulation of the argument License Plan leads to cross site scripting. This vulnerability is traded as CVE-2024-6447. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-6649. The attack can be launched remotely. Furthermore, there is an exploit available.

GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase. Despite GitHub Push Protection’s efforts, secrets sprawl is accelerating, especially with generic secrets, which made up 58% of all leaked credentials. More troubling, 70% of secrets leaked in 2022 remain active, significantly expanding the attack surface for threat actors. The report makes one thing clear: secrets management … More →

The post Report: The State of Secrets Sprawl 2025 appeared first on Help Net Security.

Vanta announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network. These releases—including team-based collaboration and granular user access, an integrated Vanta Exchange for vendor security reviews, enhanced audit capabilities and expanded security questionnaire automation—reduce manual processes and enable companies to manage trust as a team. With 65% of businesses reporting that customers, investors and suppliers increasingly require proof of compliance, maintaining a … More →

The post Vanta strengthens collaboration between security and GRC teams appeared first on Help Net Security.

The question is no longer "Are we compliant?" but "Are we truly resilient?"

A surge in browser-based phishing attacks has been recorded over the past year, with a 140% increase compared to 2023 according to Menlo Security

Через год десятка останется без защиты, а миллионы компьютеров рискуют оказаться в «мусорной корзине»

A vulnerability classified as very critical has been found in JupiterX Theme Plugin up to 3.0.0 on WordPress. This affects the function print_pane. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2023-32110. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in JupiterX Core Premium Plugin up to 3.3.5 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2023-38388. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in rankchecker Rankchecker.io Integration Plugin up to 1.0.9 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-28857. The attack may be launched remotely. There is no exploit available.