Chrome 129 Patches High-Severity Vulnerability in V8 Engine

September 18, 2024 at 08:24AM
Google released Chrome 129 in the stable channel, addressing nine vulnerabilities, with the most severe being a type confusion bug in the V8 JavaScript engine. The update also resolves medium and low-severity vulnerabilities, with $13,000 in bug bounty payouts. Chrome 129 is now rolling out for Windows, macOS, and Linux, …

C/side Raises $6 Million to Secure the Browser Supply Chain

September 17, 2024 at 11:57AM
C/side, a startup focusing on protecting against malicious browser-side third-party scripts, raised $6M in seed funding. It has raised a total of $7.7M. The new investment round included Uncork Capital, Mantis VC, PrimeSet, Roar Ventures, and Scribble Ventures. They aim to help businesses monitor, optimize, and secure third-party scripts using …

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

September 16, 2024 at 08:21AM
The rapidly evolving PCI DSS landscape introduces rigorous requirements with v4.0, particularly sections 6.4.3 and 11.6.1, necessitating strict monitoring and management of payment page scripts. Reflectiz offers a dedicated PCI dashboard with real-time, remote visibility, script-level monitoring, and a smart approval mechanism, ensuring efficient compliance and reduced risks. Access a 30-day …

New Linux malware Hadooken targets Oracle WebLogic servers

September 13, 2024 at 01:11PM
Hackers are focusing on Oracle WebLogic servers to inject them with a new Linux malware called “Hadooken.” This malware initiates a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. Based on the meeting notes, it is evident that there is a significant security concern related to hackers targeting Oracle …

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

September 12, 2024 at 01:12AM
WordPress.org is set to make two-factor authentication mandatory for accounts with the ability to update plugins and themes, aiming to enhance security and prevent unauthorized access. In addition to 2FA, the platform is introducing SVN passwords to further secure code commit access. These measures are a response to ongoing security …

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

September 5, 2024 at 02:03PM
A critical vulnerability was found in LiteSpeed Cache, a popular caching plugin for over 6 million WordPress sites. This flaw could impact user browsing speed. Based on the meeting notes, it appears that a critical severity vulnerability has been found in LiteSpeed Cache, a caching plugin used in over 6 …

Chrome 128 Updates Patch High-Severity Vulnerabilities

September 3, 2024 at 04:51AM
Two Chrome browser updates, 128.0.6613.113/.114 and 128.0.6613.119/.120, addressed eight vulnerabilities last week. Four high-severity memory safety flaws, including issues in the V8 JavaScript engine, were resolved. The security patches also covered a heap buffer overflow in Skia. Google urges prompt updates, but no evidence of exploitation in the wild has …

Google Chrome Update Fixes Flaw Exploited in the Wild

August 22, 2024 at 02:51PM
New security fixes are being rolled out for Chrome to address a high-severity type confusion bug, identified as CVE-2024-7971, in the V8 JavaScript engine. Google reported the presence of an exploit for this vulnerability. The updated version 128 of Chrome will address 38 vulnerabilities, including CVE-2024-7971, and is expected to …

LiteSpeed Cache bug exposes millions of WordPress sites to takeover attacks

August 21, 2024 at 01:27PM
A critical vulnerability in the LiteSpeed Cache WordPress plugin allows attackers to create rogue admin accounts, potentially compromising millions of websites. Based on the meeting notes, it appears that a critical vulnerability has been identified in the LiteSpeed Cache WordPress plugin, which could potentially allow attackers to take over millions …

Dangerous XSS Bugs in REDCap Threaten Academic & Scientific Research

July 31, 2024 at 10:23AM
Three cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) were found in REDCap, a web app used by researchers. These vulnerabilities could allow attackers to execute malicious JavaScript code, potentially compromising sensitive data. Updating to REDCap version 14.2.1 or later is recommended to mitigate these flaws. Based on the meeting …