WordPress.org denies service to WP Engine, potentially putting sites at risk

September 25, 2024 at 09:48PM WordPress has blocked WP Engine’s servers from accessing WordPress.org resources, including software updates. This action could prevent WP Engine users from updating plugins, leading to potential security issues. WordPress co-founder Matt Mullenweg has accused WP Engine of profiting from WordPress without contributing to its development, leading to a conflict between …

Over 100 Malicious AI/ML Models Found on Hugging Face Platform

March 4, 2024 at 04:54AM Security researchers have discovered around 100 malicious AI/ML models on the Hugging Face platform. These models pose a significant security threat, potentially allowing attackers to gain control over machines, leading to data breaches and corporate espionage. Furthermore, researchers have developed techniques to manipulate large language models (LLMs) for harmful purposes, demonstrating …

Critical bug in ownCloud file sharing app exposes admin passwords

November 24, 2023 at 01:20PM Open-source file sharing software ownCloud has issued warnings about three critical security vulnerabilities. The first flaw exposes administrator passwords and mail server credentials. The second flaw allows unauthorized access to files without authentication. The third flaw bypasses subdomain validation in the OAuth2 library. Users are advised to apply recommended fixes …

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

October 13, 2023 at 07:06AM The AvosLocker ransomware gang has been linked to recent attacks on critical infrastructure sectors in the U.S. The gang uses legitimate software and open-source remote administration tools to compromise networks and exfiltrate data. AvosLocker leverages sophisticated techniques to avoid detection and affects Windows, Linux, and VMware environments. The attacks rely on …

Curl Bug Hype Fizzles After Patching Reveal

October 11, 2023 at 04:24PM The cybersecurity community anxiously awaited the disclosure of two security flaws in the open source proxy resolution tool, Curl. However, after patches and bug details were unveiled, neither vulnerability lived up to the hype. The first flaw could allow data corruption or remote code execution, but it only affects a …

New One-Click Exploit Is a Supply Chain Risk for Linux OSes

October 10, 2023 at 04:47PM Researchers have discovered a vulnerability in a library used by the GNOME desktop environment for Linux systems. Exploiting the vulnerability through a malicious link could allow attackers to take over machines. The issue lies in a dependency called “libcue” used by a default GNOME application called “tracker-miners.” The researchers have …