Headline
CVE-2022-2189
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Related news
'Bootkitty' First Bootloader to Take Aim at Linux
Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.