Aggregator

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4 and classified as critical. Impacted is an unknown function. The manipulation results in unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2026-23704. It is possible to launch the attack remotely. No exploit is available.

Detectify has launched Internal Scanning, a solution that eliminates the visibility gap between external perimeters and internal environments, allowing security teams to discover and remediate vulnerabilities behind the firewall with the same speed and precision they apply to external assets. Organizations have been considering the internal network as a safe room. Detectify challenges this dangerous courtesy: compromised endpoints and lateral movement have turned internal-facing apps (like staging environments and admin panels) into prime targets. Internal … More →

The post Detectify Internal Scanning finds and fixes vulnerabilities behind the firewall appeared first on Help Net Security.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

AI boosts productivity, but weak data governance and shadow AI are expanding the enterprise attack surface.

The post AI is Supercharging Work…and Your Attack Surface appeared first on Security Boulevard.

进入 2026 年，勒索软件仍然是制造业面临的最严峻网络安全威胁之一。

Проект AdBoost на GitHub пытается высмеять современный интернет.

美国零售业巨头沃尔玛市值周二突破 1 万亿美元，跻身科技巨头主导的“万亿美元市值俱乐部”。万亿美元市值俱乐部以英伟达 4.4 万亿美元居首，之后是苹果、微软、亚马逊、Alphabet 和博通，非科技公司包括了 Berkshire Hathaway 和沙特阿美。沃尔玛股价今年以来持续上涨，涨幅超过了标普 500 指数。沃尔玛成立于 1962 年，在全球有近 1.1 万家门店。

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since

In the rapidly changing landscape of cybersecurity, AI agents present both opportunities and challenges. This article examines the findings from Darktrace’s 2026 State of AI Cybersecurity Report, highlighting the benefits of AI in enhancing security measures while addressing concerns regarding AI-driven threats and the need for responsible governance.

The post Navigating the AI Revolution in Cybersecurity: Risks, Rewards, and Evolving Roles appeared first on Security Boulevard.

First month of the year, and we’re starting it off with updates that support faster decisions and more predictable SOC operations.  In January, we introduced a major workflow enhancement with the new ANY.RUN Sandbox integration with MISP, alongside expanded detection coverage across behavior signatures, YARA rules, and Suricata.  Let’s find out what this means for your team.  Product Updates  January brought another solid round of improvements […]

The post Release Notes: Workflow Improvements, MISP Integration & 2,000+ New Detections  appeared first on ANY.RUN's Cybersecurity Blog.

Кто на самом деле стоит за взломом популярного редактора?

Orion Security has raised $32 million in a Series A round led by Norwest Venture Partners, with participation from IBM and existing investors including PICO Venture Partners, Lama Partners, and others. The round comes less than a year after the company’s Seed financing and brings total funding since inception to $38 million. The funding will enable the company to accelerate development of its proprietary end-to-end architecture and specialized AI agents, while expanding go-to-market operations to … More →

The post Orion Security raises $32 million to build AI-powered data loss prevention solution appeared first on Help Net Security.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

A vulnerability has been found in Samsung GalaxyDiagnostics up to 3.5.49 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-20987. An attack has to be approached locally. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Samsung Chinese Samsung Members 15.5.05.4. This vulnerability affects unknown code. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2026-20986. The attack requires local access. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in WP Content Permission Plugin up to 1.2 on WordPress. This affects an unknown part. Performing a manipulation of the argument ohmem-message results in cross site scripting. This vulnerability is reported as CVE-2026-0743. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in Smart Appointment & Booking Plugin up to 1.0.7 on WordPress. Affected by this issue is the function saab_save_form_data. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-0742. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in Extended Random Number Generator Plugin up to 1.1 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-0681. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in gtlwpdev All push notification for WP Plugin up to 1.5.3 on WordPress. Affected is an unknown function. The manipulation of the argument delete_id results in sql injection. This vulnerability is cataloged as CVE-2026-0816. The attack may be launched remotely. There is no exploit available.