The Internet’s Most Tempting Targets
What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure…
Vulnerabilities
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing…
McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers…
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software…
Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try…
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information…
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. A…
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching…
Four Bugs in Microsoft Teams Left Platform Vulnerable Since March
Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to…
Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look
There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on…