Aggregator

ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware

斯特兰蒂斯计划扩大与中国零跑汽车合作特兰蒂斯集团计划扩大与中国零跑汽车的合作，其中包括联合开发一款欧宝品牌的电动车型、转让其西班牙一家工厂的所有权，以及扩大联合采购。斯特兰蒂斯旗下汽车品牌欧宝的CEO

A vulnerability classified as problematic has been found in oleksandrz E2Pdf Plugin up to 1.32.17 on WordPress. Affected is the function e2pdf-download of the component Shortcode Handler. This manipulation of the argument ID causes cross site scripting. This vulnerability appears as CVE-2026-7650. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in wowdevs Sky Addons Plugin up to 3.3.2 on WordPress. This impacts an unknown function of the component REST API. The manipulation of the argument sky_script_content results in cross site scripting. This vulnerability is reported as CVE-2026-7475. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in mirceatm NMR Strava Activities Plugin up to 1.0.14 on WordPress. This affects the function strava_nmr_connect of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-5341. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as very critical has been found in Remote Spark SparkView 1122. The impacted element is an unknown function. Executing a manipulation can lead to reliance on untrusted inputs in a security decision. This vulnerability is registered as CVE-2026-6213. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. [...]

分享另一种提取并解开Windows微信4.0版本主数据库密钥的思路，另一并详解 用于存储聊天图片的 DAT 文件的解密方法。

复旦大学系统软件与安全实验室白泽鉴微团队在 “2026数字中国创新大赛”获得金奖！

Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the company said in a security advisory published on Thursday. About CVE-2026-6973 CVE-2026-6973 is caused by improper input validation and allows remote attackers with administrative privileges to execute arbitrary code on vulnerable instances. “If customers … More →

The post Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) appeared first on Help Net Security.

The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments.  The dataset behind these findings includes 10 million monitored

Dirty Frag затрагивает практически весь мир Linux — и исправлений пока нет.

漏洞风险提示

强势围观

Critical Vulnerabilities in Spring Cloud Config Overview: Multiple high-severity vulnerabilities disclosed in Spring Cloud Config, a component for centralized configuration […]

The post Weekly Threat Landscape Digest – Week 19 appeared first on HawkEye.

任天堂成为最新一家因为内存等零部件价格飙升而涨价的游戏机公司。Switch 2 日本版从 ¥49,980 提高到 ¥59,980，Switch（OLED Model）从 ¥37,980 提高到 ¥47,980，Switch 从 ¥32,978 提高到 ¥43,980，Switch Lite 从 ¥21,978 提高到 ¥29,980；美国区 Switch 2 从 $449.99 提高到 $499.99；加拿大从 $629.99 提高到 $679.99；欧洲从 €469.99 提高到 €499.99。Nintendo Switch Online 等服务也进行了涨价。日本涨价的生效日期是 5 月 25 日，美国加拿大和欧洲则是 9 月 1 日。

Google has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login credentials. Later this year, developers who connect their Play developer account directly to Android Studio will receive tailored insights. By leveraging SDK Index, a searchable list of Android SDKs that shows permissions, developer details, and Google Play registration status, they will also receive SDK insights in their workflows to … More →

The post Google is turning Android Studio into a policy watchdog appeared first on Help Net Security.

Исследования оказывают неудобную вещь: физический труд в хаотичной среде автоматизировать сложнее, чем работу с текстами, цифрами и формами.

Взлом Ekubo — небольшой эпизод большой катастрофы в мире DeFi.