Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation and sanitization,

The Hacker News
#vulnerability#web#ios#wordpress#rce#perl#auth#The Hacker News
GHSA-fmj9-77q8-g6c4: Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries

### Impact Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a denial-of-service vulnerability. @apollo/gateway versions >=2.0.0 and < 2.8.5 and Apollo Router <1.52.1 are also impacted through their use of @apollo/query-planner. If @apollo/query-planner is asked to plan a sufficiently complex query, it may loop infinitely and never complete. This results in unbounded memory consumption and either a crash or out-of-memory (OOM) termination. This issue can be triggered if you have at least one non-`@key` field that can be resolved by multiple subgraphs. To identify these shared fields, the schema for each subgraph must be reviewed. The mechanism to identify shared fields varies based on the version of Federation your subgraphs are using. You can check if your subgraphs are using Federation 1 or Federation 2 by reviewing their schemas. Federation 2 subgraph schemas will contain a `@link` directive referencing the version of Federation being used while Federation 1 ...

SMS scammers use toll fees as a lure

Scammers are increasingly using toll fees as a lure in smishing attacks with the aim of grabbing victims' personal details and credit card information.

Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation

French authorities detained Durov to question him as part of a probe into a wide range of alleged violations—including money laundering and CSAM—but it remains unclear if he will face charges.

PSA: These &#8216;Microsoft Support&#8217; ploys may just fool you

We came a cross a clever abuse of Google and Microsoft's services that fooled us for a minute. See if you could have spotted it.

The Facts About Continuous Penetration Testing and Why It’s Important

What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an