Aggregator

快速浏览！2025.4.7—4.13安全动态周回顾。

要在使用AWS服务（如KMS、ACM或Secrets Manager）时激活ML-KEM后量子TLS，用户需要更新其客户端sdk并显式启用该功能。

经纬信安欺骗防御解决方案

A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.

A vulnerability classified as critical was found in Mozilla Firefox up to 123. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-2606. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Cegid Meta4 HR 819.001.022. This affects an unknown part of the file /sitetest/english/dumpenv.jsp. The manipulation of the argument lang leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2633. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Cegid Meta4 HR 819.001.022 and classified as problematic. This vulnerability affects unknown code of the file /sse_generico/generico_login.jsp. The manipulation of the argument lang leads to cross site scripting. This vulnerability was named CVE-2024-2634. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Cozmoslabs Passwordless Login Plugin up to 1.1.2 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-29143. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WebberZone Better Search Plugin up to 3.3.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Search Result Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-29142. The attack may be launched remotely. There is no exploit available.

重新回味一下当时做出的，品鉴当时没做出的

A vulnerability was found in PDF Embedder Plugin up to 4.6.4 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-29141. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Coda Unit4 Financials 2024Q1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument cols leads to cross site scripting. This vulnerability was named CVE-2024-28734. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Themefic Tourfic Plugin up to 2.11.7 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-29137. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in DEV Institute Restrict User Access Plugin up to 2.5 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-29138. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Mark Tilly MyCurator Content Curation Plugin up to 3.76 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-29139. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Matt Manning MJM Clinic Plugin up to 1.1.22 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-29140. The attack can be initiated remotely. There is no exploit available.

Иногда чтобы потушить пожар, нужно выбросить все ведра.

A vulnerability has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /v1/pushConfig/detail/. The manipulation leads to improper authorization. This vulnerability is known as CVE-2025-3550. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use large language models. CISOs cannot treat this as a secondary concern. To reduce risk, security leaders should focus on policy, visibility, and culture. Set clear rules about what data can and cannot be entered into AI systems. Monitor usage to identify shadow AI before it becomes … More →

The post The quiet data breach hiding in AI workflows appeared first on Help Net Security.

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and […]