Aggregator

A vulnerability was found in Eclipse KUKSA up to 0.6.0. It has been rated as critical. Impacted is an unknown function of the component Normal Production gRPC API. Performing a manipulation results in missing authentication. This vulnerability is identified as CVE-2026-6272. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Grafana Tempo up to 2.10.x. It has been declared as problematic. This issue affects some unknown processing. Such manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2026-21728. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Taqnix Plugin up to 1.0.3 on WordPress. It has been classified as problematic. This vulnerability affects the function taqnix_delete_my_account. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2026-3565. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Liaison Site Prober Plugin up to 1.2.1 on WordPress and classified as problematic. This affects the function permissions_read of the file /wp-json/site-prober/v1/logs of the component REST API Endpoint. The manipulation results in missing authorization. This vulnerability was named CVE-2026-3569. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in ITERAS Plugin up to 1.8.2 on WordPress and classified as problematic. Affected by this issue is the function combine_attributes of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-4078. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in hubspotdev HubSpot All-In-One Marketing Plugin up to 11.3.32 on WordPress. Affected by this vulnerability is an unknown functionality of the file leadin/public/admin/class-adminconstants.php. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2025-11762. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

Overview Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI warehouse. The attacker stole the PyPI release permission credentials of Xinference maintainers and released three consecutive malicious versions implanted with Trojans on April 22, GMT+8. When triggered by the user, it will collect cloud credentials, SSH keys, API tokens, Sensitive […]

The post Xinference PyPI Supply Chain Poisoning Warning appeared first on NSFOCUS.

The post Xinference PyPI Supply Chain Poisoning Warning appeared first on Security Boulevard.

NASA 宣布 Nancy Grace Roman 太空望远镜最早今年九月发射最晚 2027 年 5 月发射。望远镜以 NASA 首任天文学部门女主任的名字命名，它属于红外望远镜，核心任务包括探测暗能量、发现系外行星及验证广义相对论宇宙时空曲率。望远镜使用美国国家侦察局捐赠的 2.4 米口径主镜（当年 NRO 捐赠了两台主镜），配备了两台科学仪器：3 亿像素多波段红外相机大视场仪表（WFI），能直接观测邻近恒星周围的类木行星的日冕仪（CGI）。

Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET Framework, Widely used products such as Azure, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by […]

The post Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS.

The post Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

360AI知识库已率先接入DeepSeek V4！

领跑中国AI安全赛道

Secure-by-Design Principles for UK SMEs: A Practical Guide For many UK SMEs, security still gets treated as something to add once a system is already chosen, configured, or live. That approach can work for a while, but it often creates avoidable cost, friction, and rework. Secure-by-design principles take a different view. They ask a simple […]

The post Secure-by-Design Principles for UK SMEs: A Practical Guide appeared first on Clear Path Security Ltd.

The post Secure-by-Design Principles for UK SMEs: A Practical Guide appeared first on Security Boulevard.

Житель Екатеринбурга прилетел в столицу, чтобы отдать семейные сбережения преступникам.

Malicious npm packages spread via worm-like propagation and steal developer credentials

Jailer is an eBPF-based process jailing system that provides mandatory access control (MAC) for Linux. It tracks processes

The post Locked in eBPF: Meet Jailer, the Next-Gen Process Jailing System for Linux Security appeared first on Penetration Testing Tools.

A newly exposed server has revealed how a threat actor used automated tools, AI assistance, and Telegram bots to silently hack into more than 900 companies around the world. The operation, built around a tool called “Bissa scanner,” targeted internet-facing web applications at a massive scale, harvested sensitive credentials, and sent real-time exploit alerts straight […]

The post Hackers Use Telegram Bots to Track 900+ Successful React2Shell Exploits appeared first on Cyber Security News.

Subtle fluctuations in internet activity can serve as premonitory indicators of severe vulnerabilities long before their public disclosure.

The post The 11-Day Head Start: How “Internet Noise” Predicts the Next Major Zero-Day Breach appeared first on Penetration Testing Tools.

深度求索发布了 DeepSeek-V4 预览版。DeepSeek-V4 有两个版本，其中 Pro 版本有 1.6 万亿参数其中 490 亿活跃参数；Flash 版本有 2840 亿参数其中活跃参数 130 亿。两个版本都支持百万上下文。DeepSeek V4 除了支持英伟达 GPU 还支持华为昇腾 NPU。深度求索称，在 Agentic Coding 评测中，V4-Pro 已达到当前开源模型最佳水平，并在其他 Agent 相关评测中同样表现优异；Pro 在世界知识测评中，大幅领先其他开源模型，仅稍逊于顶尖闭源模型 Gemini-Pro-3.1；在数学、STEM、竞赛型代码的测评中，V4-Pro 超越当前所有已公开评测的开源模型。

The Windows Subsystem for Linux (WSL) has long been synonymous with contemporary iterations of the Windows operating system;

The post Retro Revolution: How One Hacker Brought the Windows Subsystem for Linux to Windows 95 appeared first on Penetration Testing Tools.

A sophisticated destructive malware, designated as Lotus Wiper, has been identified within Venezuela, specifically targeting the energy and

The post Digital Scorched Earth: The “Lotus Wiper” Attack Paralyzing Venezuela’s Energy Grid appeared first on Penetration Testing Tools.