Quarterly WordPress Threat Intelligence Report – Q1 2026

As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive...

CVE-2025-42883 Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)

Migration Workbench DX Workbench in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...

SAP NetWeaver Application Server for ABAP 代码问题漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform from SAP, Germany. A code issue vulnerability exists in SAP NetWeaver Application Server for ABAP that stems from an administrator uploading a file without triggering a malware scan, which could result in the upload o...

Lynis Auditing Tool 3.1.6

Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...

EUVD-2023-41792

Malicious code in bioql PyPI...

Lynis Auditing Tool 3.1.5

Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...

Introducing New Pricing For Wordfence CLI!

We have an exciting announcement today about the Wordfence CLI project. We launched Wordfence CLI at WordCamp US back in August of 2023 with the goal of bringing malware and vulnerability scanning to the command line. Weve been working closely with our customers since the launch to better...

Demystifying a Common Cybersecurity Myth

One of the most common misconceptions in file upload cybersecurity is that certain tools are "enough" on their own—this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's...

Omron CS/CJ Series Missing Authentication For Critical Function (CVE-2022-45794)

Omron CS/CJ series programmable logic controllers are missing authentication for the file system. This could allow an attacker to access the file system via memory card or EM file memory and obtain all available sensitive information. This plugin only works with Tenable.ot. Please visit...

CVE-2023-37939

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all...

CVE-2023-37939

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all...

VirusTotal Data Leak Exposes Some Registered Customers' Details

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file,...

ESTsoft Alyac 安全漏洞

ESTsoft Alyac is a low-priced comprehensive security software from the Korean company ESTsoft. A security vulnerability exists in ESTsoft Alyac version 2.5.8.645, which originates from a denial-of-service vulnerability in the malware scanning function, which can be exploited by an attacker to sen...

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution RCE on unpatched third-party sandboxing machines employed antivirus engines. The flaw, now patched, made it possible to "execut...

Trend Micro Portable Security权限提升漏洞

Trend Micro Portable Security is a malware scanning and cleaning tool from Trend Micro, Inc. Trend Micro Portable Security has an elevation of privilege vulnerability that can be exploited by attackers to cause local elevation of privilege...

Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service

Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year...

Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center

Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit HLK compatibility tests, malware scanning, and prove their identity through extended validation EV certificates. This has significantl...

Workshop: AWS S3 Bucket for Malware Scanning

In this workshop, you will learn how to scan your objects that are being uploaded to Amazon S3 buckets for malware and integrate into your custom workflows, by automating with your current resources, directly in your AWS environment...

Workshop: AWS S3 Bucket for Malware Scanning

In this workshop, you will learn how to scan your objects that are being uploaded to Amazon S3 buckets for malware and integrate into your custom workflows, by automating with your current resources, directly in your AWS environment...

Total Defense Anti-virus Competitive Conditions Issue Vulnerability

Total Defense Anti-virus is a suite of antivirus software from the American company Total Defense. A competitive condition issue vulnerability exists in the malware scanning feature in Total Defense Anti-virus version 11.5.2.28, which can be exploited by attackers to remove privileged files...