vulnerable

  • Blog

    Hunk Companion WordPress plugin exploited to install vulnerable plugins

    Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) flaws, or create backdoor admin…

  • Blog

    Researchers claim Fortinet’s FortiJump patch was ‘incomplete’ and left users vulnerable

    Fortinet’s patch for FortiJump, a critical missing authentication RCE flaw in FortiManager, left new vulnerabilities on the table for threat actors to exploit, according to new research. A new report from watchTowr Labs described how when trying to recreate the initial FortiJump vulnerability, researchers discovered a series of additional flaws, and one they considered particularly worrying. “[We] stumbled upon a…

  • Blog

    New SteelFox malware hijacks Windows PCs using vulnerable driver

    A new malicious package called ‘SteelFox’ mines for cryptocurrency and steals credit card data by using the “bring your own vulnerable driver” technique to get SYSTEM privileges on Windows machines. The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and AutoCAD. Using a vulnerable driver…

  • Blog

    How Are You Vulnerable Online?

    Key Takeaways: Weak passwords increase vulnerability, especially if reused, which can lead to breaches across multiple accounts. Tracking by tech companies and ISPs endangers your privacy. Improper storage of documents in the cloud can put your data at risk.

    You’ve been warned over and over that you’re at risk while online, but what are those risks exactly? Let’s go over…

  • Blog

    New Revival Hijack technique leaves 22,000 PyPI projects vulnerable to attacks

    Up to 22,000 PyPI packages may be at risk of being hijacked in a newly-developed supply chain attack technique, research reveals. Security researchers at devops specialist JFrog published a blog warning developers about a new attack technique that leverages the ability to re-register popular packages once the original owner removes them from PyPI’s index. Dubbed ‘Revival Hijack’, the technique builds…
