MAL-2025-9671 Malicious code in @wix-platform/velo-multilingual-helper (npm)

The package @wix-platform/velo-multilingual-helper was found to contain malicious code...

Multilingual Source Tracing of Speech Deepfakes: a First Benchmark

Recent progress in generative AI has made it increasingly easy to create natural-sounding deepfake speech from just a few seconds of audio. While these tools support helpful applications, they also raise serious concerns by making it possible to generate convincing fake speech in many languages...

WordPress WPML Multilingual CMS Plugin < 4.6.13 RCE Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpml:wpml"; if description...

From Cracks to Crooks: YouTube As a Vector for Malware Distribution

With billions of users and an immense volume of daily uploads, YouTube has become an attractive target for cybercriminals aiming to leverage its vast audience. The platform's openness and trustworthiness provide an ideal environment for deceptive campaigns that can operate under the radar of...

FaultLine: Automated Proof-Of-Vulnerability Generation Using LLM Agents

Despite the critical threat posed by software security vulnerabilities, reports are often incomplete, lacking the proof-of-vulnerability PoV tests needed to validate fixes and prevent regressions. These tests are crucial not only for ensuring patches work, but also for helping developers understa...

[SECURITY] Fedora 41 Update: roundcubemail-1.6.11-1.fc41

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 42 Update: roundcubemail-1.6.11-1.fc42

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

TRIDENT -- a Three-Tier Privacy-Preserving Propaganda Detection Model in Mobile Networks Using Transformers, Adversarial Learning, and Differential Privacy

The proliferation of propaganda on mobile platforms raises critical concerns around detection accuracy and user privacy. To address this, we propose TRIDENT - a three-tier propaganda detection model implementing transformers, adversarial learning, and differential privacy which integrates syntact...

Hiding in Plain Sight: Query Obfuscation Via Random Multilingual Searches

Modern search engines extensively personalize results by building detailed user profiles based on query history and behaviour. While personalization can enhance relevance, it introduces privacy risks and can lead to filter bubbles. This paper proposes and evaluates a lightweight, client-side quer...

A Threat Intelligence Event Extraction Conceptual Model for Cyber Threat Intelligence Feeds

In response to the escalating cyber threats, the efficiency of Cyber Threat Intelligence CTI data collection has become paramount in ensuring robust cybersecurity. However, existing works encounter significant challenges in preprocessing large volumes of multilingual threat data, leading to...

Phare: a Safety Probe for Large Language Models

Ensuring the safety of large language models LLMs is critical for responsible deployment, yet existing evaluations often prioritize performance over identifying failure modes. We introduce Phare, a multilingual diagnostic framework to probe and evaluate LLM behavior across three critical...

CVE-2024-44006

Missing Authorization vulnerability in Amir Helzer WooCommerce Multilingual & Multicurrency woocommerce-multilingual.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through = 5.3.6...

CVE-2022-3141

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected...

CVE-2020-10568

The sitepress-multilingual-cms WPML plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings...

CVE-2019-1010290

Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any...

CVE-2015-9416

The sitepress-multilingual-cms WPML plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header...

MAPS: a Multilingual Benchmark for Global Agent Performance and Security

Agentic AI systems, which build on Large Language Models LLMs and interact with tools and memory, have rapidly advanced in capability and scope. Yet, since LLMs have been shown to struggle in multilingual settings, typically resulting in lower performance and reduced safety, agentic systems risk...

BadLingual: a Novel Lingual-Backdoor Attack against Large Language Models

In this paper, we present a new form of backdoor attack against Large Language Models LLMs: lingual-backdoor attacks. The key novelty of lingual-backdoor attacks is that the language itself serves as the trigger to hijack the infected LLMs to generate inflammatory speech. They enable the precise...

WordPress plugin WPML 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

Darcula Phishing Kit Uses AI to Evade Detection, Experts Warn

Darcula phishing platform adds AI to create multilingual scam pages easily. Netcraft warns of rising risks from Darcula-Suite…...