WordPress
9271 crucial vulnerabilities found in 185 firmware images of embedded devices
A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices – …
The automation and industrialization of cyber attacks
A new Imperva report highlights cyber criminals’ use of automation to increase both the magnitude and velocity of attacks designed to compromise users and steal sensitive …
Persistent XSS flaw in SharePoint 2013 revealed, patched
Among the vulnerabilities patched earlier this month by Microsoft is an important one that endangers users of Microsoft SharePoint 2013, a web application platform in the …
PayPal stored XSS vulnerability exposed
Bitdefender researchers have located a stored XSS vulnerability in PayPal that leaves the e-payment service open for hackers to upload maliciously crafted files, capable of …
Open source Sleepy Puppy tool finds XSS bugs in target apps and beyond
Since Monday, security pros can add another XSS-finding tool to their arsenal, as Netflix has open sourced their cross-site scripting payload management framework dubbed …
How to get better at web application security
Robert Hansen, Vice President of WhiteHat Security Labs, has more than 20 years of web application and browser security experience. In this interview he discusses the …
5,000+ e-commerce sites at risk due to buggy WordPress plugin
A popular WordPress e-commerce plugin that is actively used on over 5,000 websites contains high-risk vulnerabilities that can be exploited to compromise customers’ …
WordPress vulnerable to yet another, still to be patched XSS flaw
The latest WordPress version (4.2, released on Thursday) and several earlier ones are vulnerable to a stored cross-site scripting (XSS) vulnerability that can be exploited to …
WordPress issues critical security release
WordPress users should update as soon as possible, as the latest release (4.1.2) plugs a critical cross-site scripting vulnerability that could allow anonymous users to …
Popular WordPress plugins vulnerable to XSS
At least 17 WordPress plugins – and likely even more of them – have been found vulnerable to cross-site scripting (XSS) flaws that could allow attackers to inject …
WordPress sites compromised to redirect to Pirate Bay clone, exploit kit
Malwarebytes researchers have spotted another malware delivery campaign that uses compromised WordPress sites to redirect users to a page hosting an exploit kit. The total …
WordPress plugin used by millions sports critical site-hijacking flaw
Another popular Yoast WordPress plugin has been found sporting a critical vulnerability that can be exploited by attackers to take over control of the site. A week ago it was …
Featured news
Sponsored
Don't miss
- How much does cloud-based identity expand your attack surface?
- Finding software flaws early in the development process provides ROI
- Zero-day exploitation surged in 2023, Google finds
- NHS Scotland confirms ransomware attackers leaked patients’ data
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)