Aggregator

A vulnerability was found in Filter & Grids Plugin up to 3.2.0 on WordPress. It has been declared as critical. This affects an unknown part. Such manipulation of the argument phrase leads to sql injection. This vulnerability is uniquely identified as CVE-2025-10289. The attack can be launched remotely. No exploit exists.

A vulnerability was found in a3 Lazy Load Plugin up to 2.7.5 on WordPress. It has been classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-9873. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Colibri Page Builder Plugin up to 1.0.335 on WordPress and classified as problematic. Affected by this vulnerability is the function colibri_loop. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-11376. It is possible to launch the attack remotely. No exploit is available.

In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover threats to its users that come from third-party code, like commercial and open source software,

The post Microsoft Expands its Bug Bounty Program to Include Third-Party Code appeared first on Security Boulevard.

Israeli cybersecurity firms raised $4.4B in 2025 as funding rounds jumped 46%. Record seed and Series A activity signals a maturing, globally dominant cyber ecosystem.

The post Funding of Israeli Cybersecurity Soars to Record Levels  appeared first on Security Boulevard.

A vulnerability has been found in Emplibot Plugin up to 1.0.9 on WordPress and classified as critical. Affected is the function emplibot_call_webhook_with_error. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2025-11970. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in YITH WooCommerce Quick View Plugin up to 2.7.0 on WordPress. This impacts the function yith_quick_view of the component Shortcode Handler. Executing manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-8617. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in URL Shortener Plugin Plugin up to 3.0.7 on WordPress. This affects an unknown function. Performing manipulation of the argument analytic_id results in sql injection. This vulnerability is reported as CVE-2025-10738. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in myCred Plugin up to 2.9.7 on WordPress. The impacted element is the function cashcred_pay_now. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-12362. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in Devs CRM Plugin up to 1.1.8 on WordPress. The affected element is an unknown function of the file /wp-json/devs-crm/v1/bulk-update of the component API Endpoint. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-13093. Remote exploitation of the attack is possible. No exploit is available.

The Pierce County Library System published breach notifications this week on its website and with regulators in several states, detailing an incident first discovered in April.

Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing

At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.

A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. [...]