News

WordPress plugin disguised as a security tool injects backdoor
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into ...
WordPress Robots.txt: What Should You Include?
Slash unnecessary crawl activity and index bloat by upgrading your WordPress robots.txt file. Here’s what to include, exclude ...
SecurityWeek2d
Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites
Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites.
WooCommerce admins targeted by fake security patches that hijack sites
A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical ...
GitHub22d
Insecure File Upload Leads to Remote Code Execution
9.0.0 - 10.0.2 This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote ...
GitHub23d
Monolog-based logging package for WordPress
PHP's exceptions and errors is something that is very likely worth logging. Wonolog ships with a default logger that is used for all the default channels. This logger has a single handler that write ...
The Hacker News27d
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
According to Endor Labs, successful exploitation of the flaw requires tricking a vulnerable system into reading a specially crafted Parquet file to obtain code execution. "This vulnerability can ...