WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal…
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in…
Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
The specter of security vulnerabilities is a constant concern in today’s digital landscape. They’re the hidden pitfalls that can undermine…
Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness
MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to…
MITRE shares 2024’s top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000…
18-year-old security flaw in Firefox and Chrome exploited in attacks
A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox,…
What’s Bugging the NSA? A Vuln in Its ‘SkillTree’ Training Platform
Even the NSA leaves bugs in its software. In this case, it's the kind of cross-site issue that regularly slips…
Critical GitLab bug lets attackers run pipelines as any user
A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines…
CISO Corner: Federal Cyber Deadlines Loom; Private Chatbot Danger
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also…
Flawed AI Tools Create Worries for Private LLMs, Chatbots
Companies are looking to large language models to help their employees glean information from unstructured data, but vulnerabilities could lead…