XSS Remains as the Most Vulnerability Exploited
Of all the security flaws discovered in the WordPress ecosystem, cross-site scripting (XSS) vulnerabilities accounted for about 53.3% of the total. As of last year,…
Month: April 2024
Pentagon Releases Cybersecurity Strategy To Strengthen DIB
The DoD DIB Cybersecurity Strategy is a three-year plan (FY24-27) to improve cybersecurity for defense contractors that aims to create a secure and resilient information…
MarineMax Data Breach Confirmed In Dual SEC Filings
In March 2024, MarineMax, a prominent yacht retailer in Florida, USA, confirmed a cybersecurity incident. It fell victim to a data breach orchestrated by the…
PandaBuy data breach allegedly impacted +1.3M customers
PandaBuy data breach allegedly impacted over 1.3 million customers Pierluigi Paganini April 02, 2024 Threat actors claimed the hack of the PandaBuy online shopping platform…
Octopus Server Flaw Let Attackers Escalate Privilege
Octopus Server, a popular automation tool for deployment, operations runbooks, and development tasks, has identified a critical security flaw. The vulnerability tracked as CVE-2024-2975 could…
The XZ Backdoor: Everything You Need to Know
On Friday, a lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in XZ Utils, an open source data…
xz-utils Backdoor Affects Kali Linux Installations
A critical vulnerability has been identified in the xz-utils package, versions 5.6.0 to 5.6.1, which harbors a backdoor capable of compromising system security. This vulnerability,…
Google to Delete Billions of Browsing Records in ‘Incognito Mode’ Privacy Lawsuit Settlement
Apr 02, 2024NewsroomBrowser Security / Data Security Google has agreed to purge billions of data records reflecting users’ browsing activities to settle a class action…
Phishing-as-a-Service Platform Launched 20,000 Phishing Domains
The cybersecurity landscape faces a new threat with the emergence of ‘darcula,’ a Phishing-as-a-Service (PhaaS) platform. This sophisticated service enables cybercriminals to launch phishing campaigns…
Veracode Announces Acquisition of Longbow Security
Veracode, a leading provider in the cybersecurity space, has officially announced its acquisition of Longbow Security. This strategic move is poised to revolutionize how organizations…
XZ Utils Backdoor (CVE-2024-3094) Leads To SSH Compromise
A critical vulnerability has been discovered within the XZ Utils library (a command line tool for compressing and decompressing XZ files within Linux distros), marked…
CVE-2023-50969 Vulnerability Threatens SecureSphere Users
A critical security flaw, identified as CVE-2023-50969, has recently been discovered in Imperva SecureSphere, a popular on-premise Web Application Firewall (WAF). This Imperva SecureSphere vulnerability…