Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CISA's Flags Memory-Unsafe Code in Major Open Source Projects

Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to code bases anytime soon.

DARKReading
Open in Source
#sql#vulnerability#mac#linux#git#java#kubernetes#wordpress#c++#buffer_overflow#auth#chrome
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information.  According to Sucuri, the latest campaign entails making malicious modifications to the

WordPress Supply Chain Attack Spreads Across Multiple Plug-ins

Injected malicious JavaScript code gives attackers administrator rights on websites, and fills sites with SEO spam.

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server," Wordfence security researcher Chloe Chamberland said in a Monday alert.

WordPress RFC WordPress 6.0.8 Shell Upload

WordPress RFC WordPress plugin version 6.0.8 suffers from a remote shell upload vulnerability.

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German

Oracle Database Password Hash Unauthorized Access

Oracle Database versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c allows for unauthorized access to password hashes by an account with the DBA role.

New York Times Internal Data Nabbed From GitHub

The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed.

Popular WordPress Plugins Leave Millions Open to Backdoor Attacks

Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP…

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. "These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization