Security News

Filter by:

Security plugin flaw in millions of WordPress sites gives admin access

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. [...]
Bleepingcomputer 17 Nov 2024 1818 Views

CISA warns of more Palo Alto Networks bugs exploited in attacks

CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks. [...]
Bleepingcomputer 15 Nov 2024 1554 Views

Microsoft Power Pages Leak Millions of Private Records

Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
Dark Reading 14 Nov 2024 1205 Views

FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

​The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year.
Bleeping Computer 13 Nov 2024 1688 Views

Microsoft Exchange adds warning to emails abusing spoofing flaw

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective.
Bleeping Computer 13 Nov 2024 1643 Views

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. [...]
Bleepingcomputer 9 Nov 2024 1454 Views

Malicious PyPI package with 37,000 downloads steals AWS keys

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. [...]
Bleepingcomputer 9 Nov 2024 1412 Views

Palo Alto Networks warns of potential PAN-OS RCE vulnerability

Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. [...]
Bleepingcomputer 9 Nov 2024 1688 Views

DocuSign's Envelopes API abused to send realistic fake invoices

Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. [...]
Bleepingcomputer 5 Nov 2024 2127 Views

OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes

As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.
Dark Reading 5 Nov 2024 1906 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY