#windows

WordPress Bricks Builder Theme version 1.9.6 suffers from a PHP code injection vulnerability.

WordPress Hash Form plugin version 1.1.0 suffers from a PHP code injection vulnerability.

WordPress GiveWP Donation Fundraising Platform version 3.14.1 suffers from a PHP code injection vulnerability.

ViciDial version 2.0.5 suffers from a cross site request forgery vulnerability.

Vehicle Service Management System version 1.0 suffers from a cross site request forgery vulnerability.

Transport Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Printing Business Records Management System version 1.0 suffers from an ignored default credential vulnerability.

Online Eyewear Shop version 1.0 suffers from an ignored default credential vulnerability.

AVideo version 12.4 suffers from a PHP code injection vulnerability.

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,