Federal agencies now only have one more day to patch React2Shell bug
Wide exploitation of the vulnerability known as React2Shell has prompted CISA to reduce the amount of time federal agencies have to patch the bug.
Aggregator
Akira
1 month ago
You must login to view this content
cohenido
Rhysida
1 month ago
You must login to view this content
cohenido
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
1 month ago
Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims
Qilin
1 month ago
You must login to view this content
cohenido
Microsoft bounty program now includes any flaw impacting its services
1 month ago
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. [...]
Sergiu Gatlan
Malware Discovered in 19 Visual Studio Code Extensions
1 month ago
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders
Blue Cross Blue Shield Patients Alerted to Conduent Data Leak Including Social Security Numbers
1 month ago
Blue Cross Blue Shield Patients Alerted to Conduent Data Leak Including Social Security Numbers
Dark Web Informer
SecWiki News 2025-12-11 Review
1 month ago
Tool: Forensic WACE - A multi-threaded tool for forensic analysis of What’s App chats
1 month ago
SANS Digital Forensics and Incident Response
HDMI Forum 继续阻挠 Linux 上的 HDMI 2.1 实现
1 month ago
因 HDMI 标准授权组织 HDMI Forum 在 2021 年关闭了 HDMI 2.1 规格的公开访问,开源驱动的发布需要征得 HDMI Forum 的批准,2024 年它拒绝了 AMD 发布开源驱动的尝试,阻止了 AMD 的 FreeSync 在 Linux 平台通过 HDMI 连接支持 120 Hz@4K 或 240 Hz@5K 显示。如今 Steam Machine 的开发商 Valve 证实 HDMI Forum 在继续阻挠 Linux 上的 HDMI 2.1 实现。Steam Machine 在理论上支持 HDMI 2.1,但被软件限制为 HDMI 2.0,基本上难以实现超过 60 Hz@4K 的显示。Valve 表示已在 Windows 下验证了 HDMI 2.1 硬件。
Defensie koopt Skyrangers om Nederland te beschermen tegen drones
1 month ago
Defensie schaft nieuwe luchtverdedigingssystemen aan. Het contract voor deze zogeheten Skyrangers is vandaag getekend in Soesterberg. De aankoop geeft Nederland meer mogelijkheden zich in het hoogste geweldspectrum te verdedigen tegen de dreiging van drones.
Hackers reportedly breach developer involved with Russia’s military draft database
1 month ago
A hacking group it had maintained access to the firm's systems for several months and had destroyed parts of the company’s infrastructure.
Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates
1 month ago
The popular text editor Notepad++ has addressed a severe security weakness in its update mechanism that could allow attackers to hijack network traffic and push malicious executables to users under the guise of legitimate updates. Security researchers recently observed suspicious traffic patterns involving WinGUp, the built-in updater used by Notepad++. According to their findings, update […]
The post Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates appeared first on Cyber Security News.
Guru Baran
«Мягкое выдавливание». В Госдуме допустили блокировку всех сервисов Google
1 month ago
Депутат Свинцов считает Google главной угрозой экономике.
CVE-2025-13966 | Paypal Payment Shortcode Plugin up to 1.01 on WordPress paypal-shortcode buttom_image cross site scripting
1 month ago
A vulnerability labeled as problematic has been found in Paypal Payment Shortcode Plugin up to 1.01 on WordPress. Affected by this vulnerability is the function paypal-shortcode of the component Shortcode Handler. The manipulation of the argument buttom_image results in cross site scripting.
This vulnerability is known as CVE-2025-13966. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-13884 | Hide Email Address Plugin up to 0.1 on WordPress Shortcode bg-hide-email-address inline_css cross site scripting
1 month ago
A vulnerability identified as problematic has been detected in Hide Email Address Plugin up to 0.1 on WordPress. Affected is the function bg-hide-email-address of the component Shortcode Handler. The manipulation of the argument inline_css leads to cross site scripting.
This vulnerability is traded as CVE-2025-13884. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-13960 | GPXpress Plugin up to 1.3 on WordPress Shortcode gpxpress cross site scripting
1 month ago
A vulnerability categorized as problematic has been discovered in GPXpress Plugin up to 1.3 on WordPress. This impacts the function gpxpress of the component Shortcode Handler. Executing manipulation can lead to cross site scripting.
This vulnerability appears as CVE-2025-13960. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-14119 | App Landing Template Blocks for WPBakery Visual Composer Page Builder Plugin atvc_video_play cross site scripting
1 month ago
A vulnerability was found in App Landing Template Blocks for WPBakery Visual Composer Page Builder Plugin up to 2.0.2 on WordPress. It has been rated as problematic. This affects the function atvc_video_play. Performing manipulation results in cross site scripting.
This vulnerability is reported as CVE-2025-14119. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-13963 | FX Currency Converter Plugin up to 0.2.0 on WordPress Shortcode fxcc_convert cross site scripting
1 month ago
A vulnerability was found in FX Currency Converter Plugin up to 0.2.0 on WordPress. It has been declared as problematic. The impacted element is the function fxcc_convert of the component Shortcode Handler. Such manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2025-13963. The attack can be executed remotely. There is not any exploit available.
vuldb.com