October 15, 2024 at 01:00AM Jetpack has released a security update to fix a critical vulnerability allowing logged-in users to access submitted forms on WordPress sites. The flaw, identified in an internal audit, affects versions since 2016. Jetpack collaborated with WordPress.org to ensure automatic updates. Meanwhile, WP Engine disputes WordPress’s control over its plugins. ### … Read more
October 7, 2024 at 05:36PM American Water, a major water provider in the US, has suspended billing and taken its MyWater app offline due to a cybersecurity breach. The company is conducting an investigation, cooperating with law enforcement and outside security investigators. It assures customers of safeguards for their data and minimal impact on water … Read more
August 1, 2024 at 08:06AM A security audit sponsored by the Open Tech Fund in August 2023 found 25 security defects in Homebrew, a popular package manager for macOS and Linux. The vulnerabilities allowed for code execution, privilege escalation, and secrets exfiltration. Trail of Bits notes the lack of explicit security documentation and the informal … Read more
October 12, 2023 at 08:26PM 35 vulnerabilities in the Squid caching proxy remain unfixed after more than two years, according to the person who reported them. The researcher found 55 flaws in Squid’s source code, but only 20 have been fixed. The remaining vulnerabilities do not have patches or workarounds, and some have not been … Read more