Black Hat Europe 2025: Reputation matters – even in the ransomware economy
Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims
Aggregator
Qilin
2 weeks 2 days ago
You must login to view this content
cohenido
Microsoft bounty program now includes any flaw impacting its services
2 weeks 2 days ago
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. [...]
Sergiu Gatlan
Malware Discovered in 19 Visual Studio Code Extensions
2 weeks 2 days ago
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders
Blue Cross Blue Shield Patients Alerted to Conduent Data Leak Including Social Security Numbers
2 weeks 2 days ago
Blue Cross Blue Shield Patients Alerted to Conduent Data Leak Including Social Security Numbers
Dark Web Informer
SecWiki News 2025-12-11 Review
2 weeks 2 days ago
Tool: Forensic WACE - A multi-threaded tool for forensic analysis of What’s App chats
2 weeks 2 days ago
SANS Digital Forensics and Incident Response
HDMI Forum 继续阻挠 Linux 上的 HDMI 2.1 实现
2 weeks 2 days ago
因 HDMI 标准授权组织 HDMI Forum 在 2021 年关闭了 HDMI 2.1 规格的公开访问,开源驱动的发布需要征得 HDMI Forum 的批准,2024 年它拒绝了 AMD 发布开源驱动的尝试,阻止了 AMD 的 FreeSync 在 Linux 平台通过 HDMI 连接支持 120 Hz@4K 或 240 Hz@5K 显示。如今 Steam Machine 的开发商 Valve 证实 HDMI Forum 在继续阻挠 Linux 上的 HDMI 2.1 实现。Steam Machine 在理论上支持 HDMI 2.1,但被软件限制为 HDMI 2.0,基本上难以实现超过 60 Hz@4K 的显示。Valve 表示已在 Windows 下验证了 HDMI 2.1 硬件。
Defensie koopt Skyrangers om Nederland te beschermen tegen drones
2 weeks 2 days ago
Defensie schaft nieuwe luchtverdedigingssystemen aan. Het contract voor deze zogeheten Skyrangers is vandaag getekend in Soesterberg. De aankoop geeft Nederland meer mogelijkheden zich in het hoogste geweldspectrum te verdedigen tegen de dreiging van drones.
Hackers reportedly breach developer involved with Russia’s military draft database
2 weeks 2 days ago
A hacking group it had maintained access to the firm's systems for several months and had destroyed parts of the company’s infrastructure.
Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates
2 weeks 2 days ago
The popular text editor Notepad++ has addressed a severe security weakness in its update mechanism that could allow attackers to hijack network traffic and push malicious executables to users under the guise of legitimate updates. Security researchers recently observed suspicious traffic patterns involving WinGUp, the built-in updater used by Notepad++. According to their findings, update […]
The post Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates appeared first on Cyber Security News.
Guru Baran
«Мягкое выдавливание». В Госдуме допустили блокировку всех сервисов Google
2 weeks 2 days ago
Депутат Свинцов считает Google главной угрозой экономике.
CVE-2025-13966 | Paypal Payment Shortcode Plugin up to 1.01 on WordPress paypal-shortcode buttom_image cross site scripting
2 weeks 2 days ago
A vulnerability labeled as problematic has been found in Paypal Payment Shortcode Plugin up to 1.01 on WordPress. Affected by this vulnerability is the function paypal-shortcode of the component Shortcode Handler. The manipulation of the argument buttom_image results in cross site scripting.
This vulnerability is known as CVE-2025-13966. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-13884 | Hide Email Address Plugin up to 0.1 on WordPress Shortcode bg-hide-email-address inline_css cross site scripting
2 weeks 2 days ago
A vulnerability identified as problematic has been detected in Hide Email Address Plugin up to 0.1 on WordPress. Affected is the function bg-hide-email-address of the component Shortcode Handler. The manipulation of the argument inline_css leads to cross site scripting.
This vulnerability is traded as CVE-2025-13884. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-13960 | GPXpress Plugin up to 1.3 on WordPress Shortcode gpxpress cross site scripting
2 weeks 2 days ago
A vulnerability categorized as problematic has been discovered in GPXpress Plugin up to 1.3 on WordPress. This impacts the function gpxpress of the component Shortcode Handler. Executing manipulation can lead to cross site scripting.
This vulnerability appears as CVE-2025-13960. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-14119 | App Landing Template Blocks for WPBakery Visual Composer Page Builder Plugin atvc_video_play cross site scripting
2 weeks 2 days ago
A vulnerability was found in App Landing Template Blocks for WPBakery Visual Composer Page Builder Plugin up to 2.0.2 on WordPress. It has been rated as problematic. This affects the function atvc_video_play. Performing manipulation results in cross site scripting.
This vulnerability is reported as CVE-2025-14119. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-13963 | FX Currency Converter Plugin up to 0.2.0 on WordPress Shortcode fxcc_convert cross site scripting
2 weeks 2 days ago
A vulnerability was found in FX Currency Converter Plugin up to 0.2.0 on WordPress. It has been declared as problematic. The impacted element is the function fxcc_convert of the component Shortcode Handler. Such manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2025-13963. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-12650 | Simple Post Listing Plugin up to 0.2 on WordPress Postlist Shortcode class_name cross site scripting
2 weeks 2 days ago
A vulnerability was found in Simple Post Listing Plugin up to 0.2 on WordPress. It has been classified as problematic. The affected element is an unknown function of the component Postlist Shortcode Handler. This manipulation of the argument class_name causes cross site scripting.
This vulnerability is registered as CVE-2025-12650. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-13747 | NewStatPress Plugin up to 1.4.3 on WordPress Shortcode nsp_shortcode cross site scripting
2 weeks 2 days ago
A vulnerability was found in NewStatPress Plugin up to 1.4.3 on WordPress and classified as problematic. Impacted is the function nsp_shortcode of the component Shortcode Handler. The manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2025-13747. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-13962 | Divelogs Widget Plugin up to 1.5 on WordPress latestdive cross site scripting
2 weeks 2 days ago
A vulnerability has been found in Divelogs Widget Plugin up to 1.5 on WordPress and classified as problematic. This issue affects the function latestdive. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2025-13962. The attack may be initiated remotely. There is no available exploit.
vuldb.com