WordPress 5.8.3, a security release that became available last week, patches four injection-related vulnerabilities.
Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC).
Taiwan-based QNAP Systems on Friday warned users of an increase in attacks targeting network-attached storage (NAS) appliances, urging them to secure their devices as soon as possible.
The aggressive Zloader banking malware campaign is exploiting Microsoft’s digital signature verification method to inject code into a signed system DLL, according to researchers at Check Point.
VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks.
With eyes firmly set on the booming attack surface management space, threat intel powerhouse Recorded Future is shelling out $65 million to purchase SecurityTrails, a startup that helps organizations keep track of internet-facing assets.
Researchers at mobile security firm ZecOps have shown how a piece of iOS malware can achieve “persistence” on a device by faking its shutdown process.
Threat hunters in the U.K.’s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw.
A critical, unauthenticated remote code execution vulnerability has been impacting the H2 database console since 2008.
An open-source Java SQL database, H2 is an in-memory solution that eliminates the need to store data on disk, and is one of the most popular Maven packages, having roughly 7,000 artifact dependencies,
A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse.
