0day в WinZip: вирусы теперь проходят без предупреждения
Исправления до сих пор нет! Что делать обычным пользователям?
Aggregator
【动态】重庆信通设计院 助力 第八届关键信息基础设施自主安全创新论坛暨《2024网信自主创新调研报告》发布
9 months 3 weeks ago
2025年4月19日,第八届关键信息基础设施自主安全创新论坛暨《2024网信自主创新调研报告》发布活动在北京隆重举行,重庆信通设计院作为重要贡献单位荣幸出席发布仪式。
在发布仪式上,重庆信通设计院被授予“《2024网信自主创新调研报告》突出贡献单位”荣誉称号。
据悉,本年度调研在思路、流程和呈现形式上都进行了大胆创新,收获了积极成果。编委会在调研和编写过程中共收集220个案例,原始素材105万字,涉及10个重点行业(领域)、28个应用场景、155 个真实案例。这些来自行业和产业一线的数据真实地反映了网信自主创新工作的成果和现实问题。
在4月21日线上成果展示环节,重庆信通设计院软件成本度量专家展示了公司在“信息技术应用创新应用软件适配改造成本度量方法研究”方面的能力以及取得的一些成果。
要想掌握发展主动权,只有自主创新。重庆信通设计院将与业界一道,在充满机遇与挑战的2025年,肩负起网信自主创新的重任,在这条长征路上砥砺前行。
来源:重庆信通设计院天空实验室
网络伍豪
DeepSeek AI Banned on Government Devices Amid National Security Concerns
9 months 3 weeks ago
Discover why Chinese AI DeepSeek is labeled a 'profound threat' to US national security. Stay informed on global bans and cybersecurity measures.
The post DeepSeek AI Banned on Government Devices Amid National Security Concerns appeared first on Security Boulevard.
Devesh Patel
Google DeepMind Unveils Genie 2: Advanced AI for World-Building
9 months 3 weeks ago
Explore Genie 2, an advanced AI model by Google DeepMind, that generates interactive 3D environments for training AI agents. Discover its potential today!
The post Google DeepMind Unveils Genie 2: Advanced AI for World-Building appeared first on Security Boulevard.
Gopal Ghelot
WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests
9 months 3 weeks ago
Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress plugins to trigger over 1.4 billion fraudulent ad requests every day. Dubbed “Scallywag,” this scheme leverages customizable extensions to monetize digital piracy through a complex web of cashout domains, URL shorteners, and crafty redirections. Monetizing pirated content has always presented challenges for cybercriminals, as mainstream […]
The post WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Python 3.14 将支持模板字符串
9 months 3 weeks ago
Python Steering Council 接受了 PEP 750 (Template Strings) ,预计 10 月释出的 Python 3.14 将加入对模板字符串的支持。模板字符串((t-strings)是一种新型的字符串,能生成结构化数据而不是原始字符串,允许 Python 库作者构建自己的自定义模板处理逻辑。Python 自 2015 年起就有 f-strings,t-strings 为开发者提供了更多灵活性。
CVE-2025-3458 | OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress cross site scripting
9 months 3 weeks ago
A vulnerability was found in OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-3458. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-3457 | OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress Shortcode oceanwp_icon cross site scripting
9 months 3 weeks ago
A vulnerability was found in OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress. It has been declared as problematic. This vulnerability affects the function oceanwp_icon of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-3457. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-11299 | Caseproof Memberpress Plugin up to 1.11.37 on WordPress information disclosure
9 months 3 weeks ago
A vulnerability was found in Caseproof Memberpress Plugin up to 1.11.37 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2024-11299. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-3472 | OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress Shortcode do_shortcode code injection
9 months 3 weeks ago
A vulnerability was found in OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress and classified as critical. Affected by this issue is the function do_shortcode of the component Shortcode Handler. The manipulation leads to code injection.
This vulnerability is handled as CVE-2025-3472. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-26413 | Apache Kvrocks up to 2.11.1 SETRANGE Command offset denial of service
9 months 3 weeks ago
A vulnerability has been found in Apache Kvrocks up to 2.11.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SETRANGE Command Handler. The manipulation of the argument offset leads to denial of service.
This vulnerability is known as CVE-2025-26413. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Lotus Panda: Антивирус? Спасибо, загрузим вирус с него
9 months 3 weeks ago
Министерства, стройка и новости — что объединяет жертв милого животного?
CVE-2024-58250 | ppp up to 2.5.1 Passprompt Plugin untrusted search path
9 months 3 weeks ago
A vulnerability, which was classified as critical, was found in ppp up to 2.5.1. Affected is an unknown function of the component Passprompt Plugin. The manipulation leads to untrusted search path.
This vulnerability is traded as CVE-2024-58250. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1732 | Zyxel USG FLEX H uOS up to V1.31 Configuration File privileges management
9 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Zyxel USG FLEX H uOS up to V1.31. This issue affects some unknown processing of the component Configuration File Handler. The manipulation leads to improper privilege management.
The identification of this vulnerability is CVE-2025-1732. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com
CVE-2024-13569 | Rustaurius Front End Users Plugin up to 3.2.32 on WordPress cross site scripting
9 months 3 weeks ago
A vulnerability classified as problematic was found in Rustaurius Front End Users Plugin up to 3.2.32 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-13569. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-2300 | Hitachi Ops Center Common Services 11.0.3 log file (sec-2025-112)
9 months 3 weeks ago
A vulnerability classified as problematic has been found in Hitachi Ops Center Common Services 11.0.3. This affects an unknown part. The manipulation leads to sensitive information in log files.
This vulnerability is uniquely identified as CVE-2025-2300. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46899 | Hitachi Ops Center Common Services up to 11.0.0-03 default credentials (sec-2025-111)
9 months 3 weeks ago
A vulnerability was found in Hitachi Ops Center Common Services and Ops Center Analyzer Viewpoint OVF up to 11.0.0-03. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use of default credentials.
This vulnerability is handled as CVE-2024-46899. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
9 months 3 weeks ago
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well.
The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to
The Hacker News
CVE-2025-3577 | Zyxel AMG1302-T10B 2.00(AAJC.16)C0 Web Management Interface path traversal
9 months 3 weeks ago
A vulnerability was found in Zyxel AMG1302-T10B 2.00(AAJC.16)C0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is known as CVE-2025-3577. The attack can be launched remotely. There is no exploit available.
vuldb.com
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick
9 months 3 weeks ago
A critical vulnerability in SSL.com’s domain validation process allowed unauthorized parties to fraudulently obtain TLS certificates for high-profile domains, including Alibaba Cloud’s aliyun.com, researchers revealed this week. The certificate authority (CA) has since revoked 11 improperly issued certificates, raising concerns about trust in automated validation systems. How Domain Validation Was Exploited According to Mozilla report, SSL.com’s Domain […]
The post Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya