Vulnerabilities

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

Leave a Comment / Vulnerabilities /

Threat actors are actively using a serious security vulnerability in the WordPress Bricks theme to force arbitrary PHP code to run on vulnerable installations. The vulnerability, identified as CVE-2024-25600 (CVSS score: 9.8), allows remote code execution to be accomplished by unauthorised attackers. It affects every Bricks version up to and including 1.9.6. Only a few […]

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites Read More »

WordPress Websites Getting Hacked Through This Plugin

Leave a Comment / Vulnerabilities /

Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. “Improved code security enforcement in WooCommerce

WordPress Websites Getting Hacked Through This Plugin Read More »

Potential Wiretapping Bugs Found in Google Home Smart Speakers by Researchers

Leave a Comment / Vulnerabilities /

For identifying security flaws in Google Home smart speakers that could be used to install backdoors and convert them into wiretapping devices, a security researcher was given a bug prize of $107,500. The researcher, who goes by the name Matt Kunze, revealed the flaws in a technical write-up released this week. The flaws “allowed an

Potential Wiretapping Bugs Found in Google Home Smart Speakers by Researchers Read More »

French Electricity Provider Fined for Using Weak MD5 Algorithm to Store User Passwords

Leave a Comment / Vulnerabilities /

The French data protection authority penalized Électricité de France €600,000 on Tuesday for failing to comply with the General Data Protection Regulation (GDPR) of the European Union. The electric utility was accused of violating European law by retaining the passwords for more than 25,800 accounts and hashing them using the MD5 technique as recently as

French Electricity Provider Fined for Using Weak MD5 Algorithm to Store User Passwords Read More »

Critical WhatsApp Bugs Might Have Allowed Hackers Take Over Devices Remotely

Leave a Comment / Vulnerabilities /

Two vulnerabilities in WhatsApp’s messaging software for Android and iOS that might allow remote code execution on weak devices have been fixed with security updates. One of these involves WhatsApp’s serious integer overflow vulnerability CVE-2022-36934 (CVSS score: 9.8), which allows arbitrary code to be executed only by starting a video conversation. Prior to version 2.22.16.12,

Critical WhatsApp Bugs Might Have Allowed Hackers Take Over Devices Remotely Read More »

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

Leave a Comment / Vulnerabilities /

WPGateway, a premium WordPress plugin, has a zero-day vulnerability that is already being aggressively abused in the wild, giving bad actors the capability to entirely take over vulnerable websites. According to WordPress security firm Wordfence, the vulnerability, identified as CVE-2022-3180 (CVSS score: 9.8), is being exploited to install a malicious administrator user to websites using

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability Read More »

New SolarMarker Malware Variant Employing Updated Techniques to Avoid Detection

Leave a Comment / Vulnerabilities /

Researchers have revealed an improved version of the SolarMarker virus that includes new features aimed at improving its defensive evasion skills and remaining undetected. “The newest version indicated an advancement from dealing with Windows Portable Executables (EXE files) to working with Windows installation package files (MSI files,” according to a report issued this month by

New SolarMarker Malware Variant Employing Updated Techniques to Avoid Detection Read More »

Vulnerabilities in Lenovo’s UEFI Firmware Affect Millions of Laptops

Leave a Comment / Vulnerabilities /

Three high-impact UEFI security vulnerabilities have been discovered in multiple Lenovo consumer laptop models, allowing malicious actors to deploy and execute firmware implants on the afflicted devices. According to ESET researcher Martin Smolár, the CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972 vulnerabilities “affect firmware drivers originally supposed to be utilised solely during the production process of Lenovo consumer

Vulnerabilities in Lenovo’s UEFI Firmware Affect Millions of Laptops Read More »

Secret Backdoors Discovered In WordPress Plugins and Themes

Leave a Comment / Vulnerabilities /

In another software supply chain attack, dozens of WordPress themes and plugins hosted on a developer’s website were backdoored with malicious code in September 2021 with the goal of infecting further sites. This gave attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based company that

Secret Backdoors Discovered In WordPress Plugins and Themes Read More »