Popular WordPress Security Plugin Caught Logging Plaintext Passwords
The All-In-One Security (AIOS) WordPress plugin was found to be logging plaintext passwords from login attempts. Installed on more than one million WordPress sites, the…
Category: SecurityWeek
3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say
Three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at…
Juniper Networks Patches High-Severity Vulnerabilities in Junos OS
Networking appliances maker Juniper Networks on Wednesday announced software updates that patch multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space. The…
Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue
Apple has re-released its latest Rapid Security Response updates for iOS and macOS after fixing a website access issue caused by the original patches. On…
SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products
SonicWall on Wednesday announced patches for 15 vulnerabilities in its Global Management System (GMS) and Analytics products, including four critical-severity issues. GMS is a web-based…
APT Exploit Targeting Rockwell Automation Flaws Could Threaten Critical Infrastructure
An unnamed advanced persistent threat (APT) group has set its sights on two Rockwell Automation product vulnerabilities that they could use to cause disruption or…
Orca Sues Wiz Over Alleged Cloud Security Patent Violations
The simmering rivalry between Israeli cloud security unicorns Orca and Wiz erupted in the open Wednesday with Orca filing a dramatic lawsuit claiming patent infringements,…
Hardcoded Accounts Allow Full Takeover of Technicolor Routers
Multiple hardcoded credentials found on the Technicolor TG670 DSL gateway router allow attackers to completely take over devices, the CERT Coordination Center (CERT/CC) warns. A…
Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies
The application of artificial intelligence is still in its infancy, but we are already seeing one major effect: the democratization of hacking. The annual Bugcrowd…
Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails
Microsoft reported on Tuesday that a Chinese cyberespionage group it tracks as Storm-0558 was recently spotted using forged authentication tokens to hack government email accounts.…
MOVEit: Testing the Limits of Supply Chain Security
Since late last month, a Russian cyber-extortion gang has been exploiting a flaw in a widely used software known as MOVEit. The program is used…
Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu
Citrix on Tuesday announced the release of patches for a critical-severity vulnerability in the Secure Access client for Ubuntu that could be exploited to achieve…