Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were […]
Cyber News
This is in effect a “throw your turn” game like “snakes and ladders”. You all take one or two steps forwards in turn. In general you both progress, but sometimes you fall back down a lot. There is in effect only three ways to reliably not loose, 1, Cheat any which way you can (timeless […]
Cyber News
When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel – a free vulnerability intelligence platform designed to help you act fast and prioritize real threats. What is Intel? Intel was created to fill a gap in the […]
Cyber News
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. “In a successful attack, if a victim browses a web page containing the exploit, […]
Cyber News
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed
Cyber News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that
Cyber News
Graham CLULEY November 25, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial Flipaclip, an animation creation app that is particularly popular with youngsters, has exposed the details of over 890,000 users. A vulnerability in the frame-by-frame animation app, which is available for iOS and Android, was initially discovered this month […]
Cyber News
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android’s Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement. “With Restore Credentials, […]
Cyber News
The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times […]
Cyber News