XSS flaw in WordPress WP-Members Plugin can lead to script injection
A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defiant’s…
Security
Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity
Brute force attacks illustrate how persistence can pay off. Unfortunately, in this context, it’s for bad actors. Let’s dive into…
Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor
Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft…
xz Utils Backdoor
The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was…
Declassified NSA Newsletters
Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales…
Google agreed to erase billions of browser records to settle a class action lawsuit
Google is going to delete data records related to the ‘Incognito Mode’ browsing activity to settle a class action lawsuit.…
PandaBuy data breach allegedly impacted over 1.3 million customers
Threat actors claimed the hack of the PandaBuy online shopping platform and leaked data belonging to more than 1.3 million…
OWASP discloses a data breach
The OWASP Foundation disclosed a data breach that impacted some members due to a misconfiguration of an old Wiki web…
New Vultur malware version includes enhanced remote control and evasion capabilities
Researchers detected a new version of the Vultur banking trojan for Android with enhanced remote control and evasion capabilities. Researchers…
Magic Security Dust
Adam Shostack is selling magic security dust. It’s about time someone is commercializing this essential technology.