Aggregator

参宿四，这颗夜空中最亮的红超巨星，终于被发现不再孤单！天文学家利用位于夏威夷的北双子星望远镜，首次直接拍摄到一颗紧贴着它的小伴星，这颗恒星暂时被命名为 Siwarha（阿拉伯语意为「她的手镯」）。新发现的恒星是一颗小而微弱的伴星，绕行参宿四的距离极近。虽然探测极为困难，但它的存在与过去的理论预测吻合，这一发现标志着重大突破。另一方面，这对双星最令人惊讶的是它们的演化步调大相径庭：参宿四已走向生命尽头，而 Siwarha 还未踏上主序星阶段，核心尚未开始氢核融合反应。虽然它们同时诞生，但由于质量差异，进程可说是各走极端。参宿四是夜空中最亮的恒星之一，也是距离地球最近的红超巨星，约 548 光年远，半径约为太阳的 700 倍，质量高达 19 倍。尽管它的年龄仅有一千万年，却已迈入生命晚期，预计在未来 10 万年内以壮观的超新星爆炸结束生命。参宿四与 Siwarha 可能同时诞生，但潮汐力将导致伴星最终被吞噬，科学家推测这场吞噬可能在一万年内发生。Siwarha 甚至可能在参宿四爆炸成超新星时被摧毁。

As Microsoft puts the final patch in place, a growing number of hackers, including several China state-sponsored threat groups, are quickly pushing forward to exploit the security flaws that will allow them compromise on-premises SharePoint servers to steal data and maintain persistence.

The post Microsoft Patches SharePoint Flaws as Hackers Rush to Exploit Them appeared first on Security Boulevard.

Hexagon ETQ’s Java-based quality management system, ETQ Reliance, has several serious flaws, according to a new security research revelation by Assetnote. The software, which facilitates document and form management with integrations like Microsoft Word macros and Jython scripting, has been found susceptible to exploits ranging from reflected cross-site scripting (XSS) to XML External Entity (XXE) […]

The post ETQ Reliance RCE Flaw Grants Full SYSTEM Access with a Single Space appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

As Microsoft continues to update its customer guidance for protecting on-prem SharePoint servers against the latest in-the-wild attacks, more security firms have begun sharing details about the ones they have detected. Most intriguingly, Check Point Research says that they observed the first exploitation attempts on July 7th, with the target being a major Western government. That date not only precedes the publication of the screenshot of the ToolShell exploit chain (CVE-2025-49706 + CVE-2025-49704) in action … More →

The post Microsoft pins on-prem SharePoint attacks on Chinese threat actors appeared first on Help Net Security.

Хотите вернуть Lorem ipsum и sample.xlsx? Гоните выкуп!

A vulnerability has been found in Chaindesk up to 2025-05-26 and classified as problematic. This vulnerability affects unknown code of the component Agent Chat. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-51859. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in ChatPlayground.ai up to 2025-05-24. This affects an unknown part of the component Chat. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-51858. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Omnishop Plugin up to 1.0.9 on WordPress. Affected by this issue is the function permission_callback of the file /users/delete of the component REST Endpoint. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-6214. The attack may be launched remotely. There is no exploit available.

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center have issued an urgent joint advisory warning of escalating attacks by the Interlock ransomware group, which has been targeting businesses and critical infrastructure sectors since late September 2024. The newly emerged Interlock variant represents […]

The post CISA Warns of Interlock Ransomware With Double Extortion Tactics Attacking Windows and Linux Systems appeared first on Cyber Security News.

A vulnerability classified as problematic was found in Fleetwire Fleet Management Plugin up to 1.0.19 on WordPress. Affected by this vulnerability is the function fleetwire_list of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-6261. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Featured Image Plus Plugin up to 1.6.4 on WordPress. Affected is the function fip_get_image_options. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2025-5818. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Valuation Calculator Plugin up to 1.3.2 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument Link leads to cross site scripting. The identification of this vulnerability is CVE-2025-5753. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Youtube Vimeo Video Player and Slider WP Plugin up to 3.8 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-53563. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Universal Video Player Plugin up to 3.2.1 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-53562. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Revolution Video Player with Bottom Playlist Plugin up to 2.9.2 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-53212. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Universal Video Player Plugin up to 3.2.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-48170. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SHOUT Plugin up to 3.5.4 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-48163. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Multimedia Playlist Slider Addon for WPBakery Page Builder Plugin up to 2.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-30626. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in HTML5 Radio Player Plugin up to 2.5 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-53564. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Simple Link Directory Pro Plugin up to 14.8.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-48297. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.