Aggregator

Скоро он узнает о ней всё, а вы так и не спросите «Как дела?»

Highlights Introduction Starting in January 2025, Check Point Research (CPR) has been tracking a wave of targeted phishing attacks aimed at European governments and diplomats. The Techniques, Tactics and Procedures (TTPs) observed in this campaign align with the WINELOADER campaigns, which were attributed to APT29, a Russia linked threat group. APT29, also commonly referred to as Midnight Blizzard […]

The post Renewed APT29 Phishing Campaign Against European Diplomats appeared first on Check Point Research.

In this ExecBrief, we unpack what economists are getting right (and wrong) about AI and workplace productivity in current times.

The post PinnacleOne ExecBrief | Economists on AI & Workplace Productivity appeared first on SentinelOne.

Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques The API attack surface is growing—and adversaries know it. Moving to the cloud, DevOps, and application modernization all lead to the proliferation of APIs. Resulting shadow APIs, deprecated endpoints, undocumented integrations, and increasing use of AI provide ideal entry points for attackers. Securing APIs starts […]

The post Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques appeared first on Cequence Security.

The post Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques appeared first on Security Boulevard.

ConnectSecure announced its new Google Workspace Assessments. This new capability enhances ConnectSecure’s vulnerability platform by empowering MSPs to assess, detect, and mitigate risks within their clients’ Google Workspace environments. With this addition, ConnectSecure expands its cloud assessment capabilities beyond Microsoft 365, offering broader protection across key collaboration platforms. As cloud adoption accelerates, the need for visibility and control over third-party platforms has never been greater. With the new Google Workspace Assessments, MSPs can now identify … More →

The post ConnectSecure empowers MSPs to mitigate risks within their clients’ Google Workspace environments appeared first on Help Net Security.

If you’ve followed Part 1 and Part 2 of this series, you already know one of the biggest takeaways from our inbox-level research: Credential phishing is consistently one of the most-missed types of attacks.

The post SEGs and Credential Phishing (Part 3) appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, was found in gorilla csrf. Affected is an unknown function of the component Referer Validator. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-24358. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

AASF Open Letter for Professor XiaoFeng Wang

AASF Open Letter for Professor XiaoFeng Wang

A vulnerability, which was classified as problematic, has been found in WPJobBoard Plugin up to 5.11.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-30965. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in EPC Photography Plugin up to 7.5.2 on WordPress. This vulnerability affects unknown code. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2025-30964. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in FS Poster Plugin up to 6.5.8 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-30962. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Eric-Oliver Mächler DSGVO Youtube Plugin up to 1.5.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-26982. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Quý Lê 91 Administrator Z Plugin up to 2025.03.24 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-26959. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in JetBlog Plugin up to 2.4.3 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-26958. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WP Royal Royal Elementor Addons Plugin up to 1.7.1006 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-26990. The attack may be initiated remotely. There is no exploit available.

——OpenAI高调拥抱竞对的MCP后，突然祭出"漏洞悬赏计划"，向全球抛出百万赏金。

——OpenAI高调拥抱竞对的MCP后，突然祭出"漏洞悬赏计划"，向全球抛出百万赏金。

Zyxel Networks announced its USG FLEX H series firewalls have been upgraded to combine both cloud and on-premises network security into a single seamless solution for small- and medium-sized businesses and managed service providers. Unlike most hybrid firewalls that treat cloud and on-premises security as separate entities, USG FLEX H series firewalls incorporate Smart Sync to provide synchronized security policies, network objects, and high availability settings across multiple devices. The integrated solution streamlines management, enhances … More →

The post Zyxel Networks upgrades USG FLEX H series firewalls appeared first on Help Net Security.

A vulnerability has been found in 1pluginjquery ZooEffect Plugin up to 1.11 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-26954. The attack can be initiated remotely. There is no exploit available.