vulnerability
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. The W3 Total Cache plugin uses multiple caching techniques to optimize a website’s speed, reduce load times, and generally improve its SEO ranking. The flaw is tracked […]
New UEFI Secure Boot flaw exposes systems to bootkits, patch now
A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. The vulnerable UEFI application is present in multiple real-time system recovery tools from several third-party software developers. Bootkits represent a critical security threat that is difficult to detect because […]
SAP fixes critical vulnerabilities in NetWeaver application servers
SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. As part of the January Security Patch Day, the vendor also released updates for other products to patch 12 additional issues rated with medium and high severity. “SAP strongly recommends that the customer […]
Over 660,000 Rsync servers exposed to code execution attacks
Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers. Rsync is an open-source file synchronization and data transferring tool valued for its ability to perform incremental transfers, reducing data transfer times and bandwidth usage. It supports local file systems […]
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
Today is Microsoft’s January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. This Patch Tuesday also fixes twelve “Critical” vulnerabilities, including information disclosure, privileges elevation, and remote code execution flaws. The number of bugs in each vulnerability category is listed below: To learn more […]
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. System Integrity Protection (SIP), or ‘rootless,’ is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account’s powers in protected […]
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. The Aviatrix Controller, part of the Aviatrix Cloud Networking Platform, enhances networking, security, and operational visibility for multi-cloud environments. It is used by enterprises, DevOps teams, network engineers, cloud architects, and managed […]
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. The company manages and operates over 11 million .uk, .co.uk, and .gov .uk domain names and other top-level domains, including .cymru and .wales. It also […]
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. With more than 20,000 sales, the plugin allows customization of product designs (e.g. clothing, mugs, phone cases) on WooCommerce sites by changing colors, transforming text, or modifying the size. While examining the […]
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became aware of the vulnerabilities after the Ivanti Integrity Checker Tool (ICT) detected malicious activity on customers’ appliances. Ivanti launched an investigation and confirmed that threat actors were actively […]