Aggregator

A vulnerability, which was classified as problematic, has been found in Counter Live Visitors for WooCommerce Plugin up to 1.3.6 on WordPress. Affected by this issue is the function wcvisitor_get_block. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-7359. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WP Event Manager Plugin up to 3.1.50 on WordPress. This affects an unknown part. The manipulation of the argument organizer_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2800. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Brandfolder Plugin up to 5.0.19 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation of the argument ID leads to cross site scripting. The identification of this vulnerability is CVE-2025-5843. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Affiliate Reviews Plugin up to 1.0.6 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument numColumns leads to cross site scripting. This vulnerability is traded as CVE-2025-5845. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Avada Fusion Builder Plugin up to 3.12.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function fusion_map of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-6747. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Master Addons Plugin up to 2.0.8.2 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5284. It is possible to initiate the attack remotely. There is no exploit available.

A critical security vulnerability has been discovered in Vim, the popular open-source command line text editor used by millions of developers worldwide.  The vulnerability, designated as CVE-2025-53906, affects the zip.vim plugin and enables attackers to overwrite arbitrary files through specially crafted zip archives.  Key Takeaways1. CVE-2025-53906, Vim's zip.vim plugin is vulnerable to path traversal attacks […]

The post Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files appeared first on Cyber Security News.

A cybersecurity researcher has demonstrated how a carefully crafted Gmail message can trigger code execution through Claude Desktop, Anthropic’s AI assistant application, highlighting a new class of vulnerabilities in AI-powered systems that don’t require traditional software flaws. The exploit leverages the Model Context Protocol (MCP), which allows Claude to interact with various applications and services. […]

The post Gmail Message Exploit Triggers Code Execution in Claude, Bypassing Protections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

作者开发了一个自动化工具来获取Microsoft Rewards积分，并通过设置3秒延迟避免被检测。该工具旨在防止公司剥削员工，并计划进一步改进。

Former US Army soldier Cameron Wagenius pleads guilty to hacking telecom companies and extorting $1 million+ using cybercrime forums like BreachForums and XSS.

Узнайте, как хакеры получают доступ к вашим аккаунтам: брутфорс, фишинг, вредоносное ПО, социальная инженерия и другие техники.

A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info. A former Army soldier, Cameron John Wagenius (21) pleaded guilty to conspiring to hack telecom companies’ databases, steal sensitive records, and extort victims by threatening to release stolen data unless ransoms were […]

前美军士兵承认参与电信公司数据库入侵和敲诈计划，窃取敏感数据并威胁公开以获取赎金。嫌疑人使用化名和工具非法访问至少10个组织网络，并通过Telegram和犯罪论坛出售数据，涉及金额超百万美元。最终被捕并面临多年监禁。

Valve 更新了内容发行规则，添加了一条规定，表示支付公司有权决定哪些游戏内容能在 Steam 上发行：“Content that may violate the rules and standards set forth by Steam’s payment processors and related card networks and banks, or internet network providers. In particular, certain kinds of adult only content.”根据 SteamDB 对 Steam 游戏数据库的跟踪，它下架了部分成人游戏，这些下架的游戏与乱伦相关。Valve/Steam 不是第一家因成人内容而受到支付公司如 PayPal 压力的平台，Patreon 也曾面临类似的问题。

The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager. From Hype to High Stakes Generative AI has moved beyond the hype cycle. Enterprises are: Deploying LLM copilots to accelerate software development Automating customer

Эти 8 символов ломают компании быстрее, чем вирусы.

Oracle Corporation released its July 2025 Critical Patch Update, addressing a substantial 309 security vulnerabilities across its extensive product portfolio. This quarterly security release represents one of the most comprehensive patches in recent years, affecting dozens of Oracle’s enterprise software solutions and requiring immediate attention from organizations worldwide. The critical update spans Oracle’s entire technology […]

The post Oracle Issues Critical Update Fixing 309 Vulnerabilities Across Products appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Streamlining your SOC workflows with fresh intelligence is now easier than ever: ANY.RUN introduces free access to Threat Intelligence Lookup.  With it, you can enrich your threat investigations with data on attacks targeting 15,000 companies all over the world. All you need to do to strengthen your defense against them is to register, browse our […]

The post Free. Powerful. Actionable. Make Smarter Security Decisions with Live Attack Data   appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in Chris Simon Com Abbrev 1.1 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument controller leads to path traversal. The identification of this vulnerability is CVE-2010-0985. The attack may be initiated remotely. Furthermore, there is an exploit available.

日本国立癌症研究中心等研究团队发现了一种可提高“Opdivo（欧狄沃）”等癌症免疫药效果的肠道细菌，并在使用小鼠的实验中证实了效果。“Opdivo”和“Keytruda”等癌症免疫药通过解除免疫细胞的抑制机制，增强其对癌细胞的攻击力。但是有疗效的患者被认为只有 2～3 成左右。日本研究团队首先调查了使用癌症免疫药的 50 名肺癌和胃癌患者的粪便。发现癌症免疫药产生疗效的患者体内“瘤胃球菌科（Ruminococcaceae）”肠道细菌的占比更高。对这种肠道细菌进行详细分析后，发现了此前未知的新型肠道细菌“YB328”。为调查 YB328 的功能和性质，研究团队将癌症免疫药无效的患者的粪便移植给小鼠，并对小鼠使用了癌症免疫药和 YB328，结果发现小鼠的肿瘤缩小。研究表明，YB328 刺激了被认为是免疫系统指挥官的“树突状细胞”，并使其活性化。