Aggregator

A vulnerability, which was classified as critical, was found in Grafana up to 12.0.0. This affects an unknown part of the file /api/org/users/. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-3580. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Stop User Enumeration Plugin up to 1.7.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /wp-json/wp/v2/users/ of the component REST API. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2025-4302. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

美国网络司令部拟增强JCC2系统自身能力和与JCWA的集成

美军各军种纷纷投资部署网电融合战术装备，以针对非IP协议和网络隔离的作战目标

Although there are many positives to new QC technology, we can’t ignore the fact that we’re entering an era of quantum computing that brings some serious cybersecurity threats.

The post Are We Truly Prepared for the Era of Quantum Computing? appeared first on Security Boulevard.

Компания объяснила, почему пользователей остались без интернета 14 июля.

The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementing more proactive, adaptive, and actionable measures that can work together to effectively address the

关键词🔒 一、Coinbase数据泄露余波事件升级泄露规模：确认69,461名用户敏感信息被盗，含住址、证件

关键词漏洞安全研究机构 ERNW 今日披露，Windows Hello for Business（Window

关键词数据泄露🚨 S级信息安全事故 | 薪资明细大规模泄露，行业警钟再响近日，一则微博爆料引爆金融圈，声称某

这些包的总下载量已超过1.7万次

速修复

一图读懂 | GB/T 22080-2025《网络安全技术 信息安全管理体系 要求》

近日，国家数据局综合司公布2025年可信数据空间创新发展试点名单。

近日，Oracle官方发布了多个安全漏洞的公告，其中Oracle产品本身漏洞79个，影响到Oracle产品的其他厂商漏洞131个。

网信部门持续开展“清朗·整治短视频领域恶意营销乱象”专项行动，聚焦人民群众反映强烈的突出问题，指导督促短视频服务平台以及提供短视频功能的平台从深从细全面排查整治，依法依约处置违法违规账号，持续净化短视频内容生态。

A Department of Homeland Security memo confirms Chinese group Salt Typhoon, extensively compromised a US National Guard network for nearly a year, stealing sensitive military and law enforcement data.

Google has released an emergency update for its Chrome browser, addressing six security vulnerabilities—one of which is already being actively exploited in the wild. The flaws affect critical components related to Chrome’s graphics engine...

The post Emergency Chrome Update: Google Patches Actively Exploited Zero-Day Allowing Sandbox Escape appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, was found in thinkgem JeeSite up to 5.12.0. This affects an unknown part of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. The manipulation of the argument Source leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-7759. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer overflow. This vulnerability is handled as CVE-2025-7758. The attack may be launched remotely. Furthermore, there is an exploit available.