Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam

It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.

TALOS
Open in Source
#vulnerability#web#android#amazon#cisco#git#wordpress#botnet#auth
Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a&

WordPress Neon Text 1.1 Cross Site Scripting

WordPress Neon Text plugin versions 1.1 and below suffer from a persistent cross site scripting vulnerability.

KK Star Ratings Race Condition

KK Star Ratings versions prior to 5.4.6 suffer from rate tampering via a race condition vulnerability.

GhostSec’s joint ransomware operation and evolution of their arsenal

Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.

WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting

WordPress IDonate Blood Request Management System plugin versions 1.8.1 and below suffer from a persistent cross site scripting vulnerability.

WordPress WP Fastest Cache 1.2.2 SQL Injection

WordPress WP Fastest Cache plugin version 1.2.2 suffers from an unauthenticated remote SQL injection vulnerability.

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any unauthenticated user

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress

TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.