Aggregator

看雪论坛作者ID：htg

多家公司确认，威胁行为者共享的相关数据样本真实有效。

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.

Discover how dynamic benchmarking and CTF exercises can strengthen your security team in our Masterclass webinar, From Theory to Action. Stay ahead of evolving cyber threats!

A vulnerability was found in Post Grid Gutenberg Blocks and Blog Plugin up to 4.1.1 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-5223. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Login Logout Register Menu Plugin up to 2.0 on WordPress. It has been declared as problematic. This vulnerability affects the function llrmloginlogout of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-3726. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Testimonial Carousel for Elementor Plugin up to 10.2.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2253. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Mitel MiContact Center Business up to 10.0.0.4. This affects an unknown part of the component Ignite. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-35283. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WP To Do Plugin up to 1.3.0 on WordPress. This affects the function wptodo_addcomment. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-3943. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Unlimited Elements for Elementor Plugin up to 1.5.107 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Text Field Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-3190. The attack may be launched remotely. There is no exploit available.

Известная кибершпионская банда впервые применила вирус-вымогатель.

VMware 于 3 月 21 日向特拉华州地方法院起诉西门子美国子公司，指控这家工业巨头盗版了它的软件。VMware 称，自 2012 年 11 月 28 日起它就与西门子签署了 Master Software License and Service Agreement 协议。去年 9 月西门子向 VMware 寄去了一份维护和支持服务采购订单，寻求续订一年支持服务。但 VMware 发现西门子的清单包含了大量没有许可证订购记录的产品。为了避免西门子业务中断以及避免被告，VMware 同意了提供支持服务。诉讼称西门子抵制了 VMware 寻找在其系统上运行脚本以查明该公司运行多少 VMware 软件的尝试。

A vulnerability classified as problematic was found in WP To Do Plugin up to 1.3.0 on WordPress. This vulnerability affects the function wptodo_manage. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-3945. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in AffiEasy Plugin up to 1.1.7 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-4218. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in List Categories Plugin up to 0.4 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-4356. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WP To Do Plugin up to 1.3.0 on WordPress. This issue affects the function wptodo_settings. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-3947. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WP To Do Plugin up to 1.3.0 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-3946. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WPB Elementor Addons Plugin up to 1.0.9 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-3063. It is possible to initiate the attack remotely. There is no exploit available.