Aggregator
CVE-2026-15287 | rtcamp rtMedia Plugin up to 4.6.18 Query order_by sql injection
CVE-2026-15291 | themeatelier ChatHelp Plugin up to 3.1.3 REST API leads information disclosure
CVE-2026-15288 | brainstormforce SureForms Plugin up to 2.2.1 Payment Intent create_payment_intent/create_subscription_intent input validation
CVE-2026-15286 | stellarwp Kadence Blocks Plugin up to 3.5.32 REST API Endpoint get_items_permission_check improper authorization
15 лет в ядре Linux. Всего одно нажатие отдаёт ваш смартфон под полный контроль злоумышленников
CVE-2026-15282 | tenteeglobal Instant Appointment Plugin up to 1.2 File Upload insapp_upload_image_as_attachment unrestricted upload
Turning software supply chain security into a daily habit
In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Instead of filing an SBOM away as a compliance document, she argues teams should use it every day for vulnerability triage, vendor access reviews, identity monitoring, and incident response. Drawing on Group-IB’s High-Tech Crime Trend Report 2026, she shows how supply chain attacks now link phishing, ransomware, and data breaches through inherited trust. … More →
The post Turning software supply chain security into a daily habit appeared first on Help Net Security.
CVE-2026-15285 | posimyththemes Plus Addons for Elementor Plugin up to 6.4.11 Button Widget tp_button.php render custom_attributes cross site scripting
2025年度四川省科学技术奖拟奖项目人选公布(网络空间安全领域)
AWS gives its ERP agent deny-by-default rules and a separate identity
Accounts receivable teams at large companies spend hours each day matching incoming bank payments to invoices by hand. When those payments sit unmatched for days, cash flow suffers and days sales outstanding climbs. The same pattern repeats across blocked invoices, purchase order approval holds, month-end close, and intercompany reconciliations in almost every industry. Built-in ERP automation, including SAP’s three-way match, still leaves plenty of these exceptions for people to sort out. AWS has released a … More →
The post AWS gives its ERP agent deny-by-default rules and a separate identity appeared first on Help Net Security.
ZDI-CAN-31118: Quest
GhostApproval: один клонированный репозиторий — и хакер уже в вашем SSH
反卫星武器和人工智能技术位列朝鲜最新军事愿望清单榜首
Only 28% of financial workforce MFA is phishing-resistant
Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report. Key challenges preventing universal implementation of phishing-resistant MFA (Source: Secret Double Octopus) Workforce authentication trends Banks and financial organizations use a mix of authentication methods, combining phishing-resistant technologies with methods that remain vulnerable to phishing attacks. Password plus OTP remains more common among organizations with up to … More →
The post Only 28% of financial workforce MFA is phishing-resistant appeared first on Help Net Security.