WPGateway plugin, a premium WordPress plugin, has a zero-day vulnerability that is already being aggressively abused in the wild. This gives bad actors the…
Vulnerable WordPress
security vulnerability
A Xalan-J vulnerability could lead to arbitrary code execution
Different SAML implementations make use of open-source initiatives. Researchers caution that a flaw in the Apache project Xalan-J used by numerous SAML implementations leads…
cybersecurity attacks
Systems Using RTLS Are Susceptible To MITM Attacks And Location Manipulation
Multiple UWB RTLS (real-time locating systems) vulnerabilities have been found by security researchers, giving threat actors the ability to conduct man-in-the-middle attacks and modify…
General
Update Zoom For Mac Right Away To Prevent The Root-Access Flaw
It’s time for a manual update if you use Zoom on a Mac. The most recent version to the video conferencing software closes a…
Vulnerabilities
The Issue Of Cloud Isolation Is That Several Cloud Companies Are Impacted By PostgreSQL Flaws
How PostgreSQL-as-a-Service solutions from GCP, Azure, and other providers were found to have numerous connected vulnerabilities. The cloud has an isolation problem Tenant isolation…
attackers
Samba-Critical Vulnerability Let Attackers Gain Remote Code Execution
A Virtual File System of Samba was found to be vulnerable to Remote Code Execution. Versions before 4.13.17 were vulnerable to this vulnerability. Samba…
Vulnerabilities
Many WordPress sites have become vulnerable as PHP RCE vulnerability identified
“PHP Everywhere” plugin for WordPress, which is used by more than 30,000 websites, has three critical remote code execution (RCE) vulnerabilities. PHP Everywhere, a…
Cross site scripting
Zimbra issues hotfix for XSS vulnerability under active exploitation
Attackers have targeted mailboxes in multiple waves across two attack phases. Business email platform Zimbra has released a hotfix for a cross-site scripting (XSS)…
Cybersecurity
SSRF flaws created in multiple apps via Google Drive integration errors
Execution flaws in Google Drive integrations created server-side request forgery (SSRF) vulnerabilities in a mixture of applications, a security researcher has disclosed. This included…
Cybersecurity
Log4j vulnerability targets SolarWinds, ZyXEL devices
SolarWinds and ZyXEL devices are being attacked by cybercriminals who are searching for Log4jShell vulnerability aka log4j vulnerability. The devices are known to contain…