6 matches found
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability CVE-2023-40000, CVSS score: 8.3 has been leveraged to set u...
CVE-2022-32894
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...
Apple Patches Critical iOS Bugs; One Under Attack
Apple lovers who haven’t yet updated to iOS 15, you may want to pop into Settings to freshen up your iPhone now: Apple has released several critical security updates that might light a fire under your britches. On Monday and Tuesday, Apple released iOS 14.8.1, iPadOS 14.8.1, watchOS 8.1 and tvOS...
Facebook Debuts Third-Party Vulnerability Disclosure Policy
Facebook has implemented a fresh security vulnerability disclosure policy VDP this week – in an effort to explain how it decides when and how to roll out details on various bugs that its team finds in third-party software and open-source projects. Generally speaking, companies will have 21 days t...
Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns
A recently discovered vulnerability in the WinRAR file archival utility has been exploited in a slew of new campaigns, including one with a never-before-seen payload. The flurry of activity shows no sign of waning as cybercriminals continue to find success exploiting the bug. The campaigns take...
Microsoft Patches Critical IE Vulnerabilities
Internet Explorer continues to dominate Microsoft’s 2013 security updates. Among the 12 bulletins and 57 vulnerabilities patched in today’s release was a cumulative update for the maligned browser and another fix for a bug being exploited in the wild. Last month, an out-of-band fix for IE 6-8...