Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

May 30, 2024 at 10:21AM

Cybersecurity researchers have warned of high-severity security vulnerabilities in various WordPress plugins that are being actively exploited to create rogue administrator accounts for further exploitation. The flaws allow for unauthenticated stored cross-site scripting attacks, enabling threat actors to inject malicious scripts. To mitigate these risks, WordPress site owners should review installed plugins, …

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

January 31, 2024 at 12:38PM

Ivanti has flagged high-severity vulnerabilities in its Connect Secure and Policy Secure products. CVE-2024-21888 allows privilege escalation, while CVE-2024-21893 allows server-side request forgery. Although there’s no evidence of customers being impacted by CVE-2024-21888, exploitation of CVE-2024-21893 is targeted. Ivanti has released fixes and recommends a factory reset before patching. Temporary workarounds …

Dozens of Bugs Patched in Apple TVs and Watches, Macs, iPads, iPhones

December 12, 2023 at 04:17PM

Apple released patches for numerous vulnerabilities on Dec. 11, impacting iPhones, Macs, Apple TVs, Apple Watches, and Safari. Notable flaws include an iOS FindMy location privacy issue, unauthenticated access to private browsing tabs, and Apple Watch WebKit vulnerabilities. Also, an authentication bypass vulnerability affecting macOS, iOS, Linux, and Android was …