Aggregator
Xinference PyPI Supply Chain Poisoning Warning
Overview: Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI warehouse. The attacker stole the PyPI release permission credentials of Xinference maintainers and released three consecutive malicious versions implanted with Trojans on April 22, GMT+8. When triggered by the user, it will collect cloud credentials, SSH keys, API tokens, Sensitive […]
The post Xinference PyPI Supply Chain Poisoning Warning appeared first on NSFOCUS.
The post Xinference PyPI Supply Chain Poisoning Warning appeared first on Security Boulevard.
NASA Roman Space Telescope to Launch as Early as September
Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview: On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET Framework, and other widely used products such as Azure, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by […]
The post Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS.
The post Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.
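Use DeepSeek V4 Right Away in the 360 AI Knowledge Base!
IDC-Certified! 360 Tops China's AI Agent Security Capability Assessment, Ranking First in the Security Industry for Overall Capability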
Secure-by-Design Principles for UK SMEs: A Practical Guide
Secure-by-Design Principles for UK SMEs: A Practical Guide For many UK SMEs, security still gets treated as something to add once a system is already chosen, configured, or live. That approach can work for a while, but it often creates avoidable cost, friction, and rework. Secure-by-design principles take a different view. They ask a simple […]
The post Secure-by-Design Principles for UK SMEs: A Practical Guide appeared first on Clear Path Security Ltd.
The post Secure-by-Design Principles for UK SMEs: A Practical Guide appeared first on Security Boulevard.
The Intercom That Bankrupted a Family: A Story of 8 Million Rubles and One Flight to Moscow
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Locked in eBPF: Meet Jailer, the Next-Gen Process Jailing System for Linux Security
Jailer is an eBPF-based process jailing system that provides mandatory access control (MAC) for Linux. It tracks processes
The post Locked in eBPF: Meet Jailer, the Next-Gen Process Jailing System for Linux Security appeared first on Penetration Testing Tools.
Hackers Use Telegram Bots to Track 900+ Successful React2Shell Exploits
A newly exposed server has revealed how a threat actor used automated tools, AI assistance, and Telegram bots to silently hack into more than 900 companies around the world. The operation, built around a tool called “Bissa scanner,” targeted internet-facing web applications at a massive scale, harvested sensitive credentials, and sent real-time exploit alerts straight […]
The post Hackers Use Telegram Bots to Track 900+ Successful React2Shell Exploits appeared first on Cyber Security News.
The 11-Day Head Start: How “Internet Noise” Predicts the Next Major Zero-Day Breach
Subtle fluctuations in internet activity can serve as premonitory indicators of severe vulnerabilities long before their public disclosure.
The post The 11-Day Head Start: How “Internet Noise” Predicts the Next Major Zero-Day Breach appeared first on Penetration Testing Tools.
DeepSeek Releases DeepSeek-V4 Preview
Retro Revolution: How One Hacker Brought the Windows Subsystem for Linux to Windows 95
The Windows Subsystem for Linux (WSL) has long been synonymous with contemporary iterations of the Windows operating system;
The post Retro Revolution: How One Hacker Brought the Windows Subsystem for Linux to Windows 95 appeared first on Penetration Testing Tools.
Digital Scorched Earth: The “Lotus Wiper” Attack Paralyzing Venezuela’s Energy Grid
A sophisticated destructive malware, designated as Lotus Wiper, has been identified within Venezuela, specifically targeting the energy and
The post Digital Scorched Earth: The “Lotus Wiper” Attack Paralyzing Venezuela’s Energy Grid appeared first on Penetration Testing Tools.
The AI Multiplier: How North Korea’s “HexagonalRodent” Turned ChatGPT into a $12M Crypto Heist
Inexperienced North Korean cyber operatives have successfully exfiltrated millions of dollars in cryptocurrency over a span of several
The post The AI Multiplier: How North Korea’s “HexagonalRodent” Turned ChatGPT into a $12M Crypto Heist appeared first on Penetration Testing Tools.
Digital Siege: The “Midnight Hammer” and Iran’s 52-Day Descent into Absolute Isolation
While Iran remains sequestered from the global digital commons, a distinct narrative is gaining momentum within its borders:
The post Digital Siege: The “Midnight Hammer” and Iran’s 52-Day Descent into Absolute Isolation appeared first on Penetration Testing Tools.
Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers
Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, codenamed Resolute Raccoon, pulls most of those threads together into a single release that will receive standard security support until April 2031. Rust moves into the system layer: One of the more consequential changes in this release is the expansion of memory-safe components at the OS level. Ubuntu 26.04 LTS ships with …
The post Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers appeared first on Help Net Security.
Ancient D-Link Routers Hijacked by New “Tuxnokill” Mirai Botnet
Routers that have long been decommissioned from official support have suddenly become the epicenter of a resurgent wave
The post Ancient D-Link Routers Hijacked by New “Tuxnokill” Mirai Botnet appeared first on Penetration Testing Tools.
Apple Issues Emergency Fix for iPhone Notification “Leaks” Exploited by Forensics
Apple has expeditiously addressed a critical vulnerability within the iPhone and iPad architecture, wherein notifications designated for deletion
The post Apple Issues Emergency Fix for iPhone Notification “Leaks” Exploited by Forensics appeared first on Penetration Testing Tools.