SecurityWeek

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks

A vulnerability in the Ally WordPress plugin exposes over 200,000 websites to sensitive information disclosure via SQL queries.

LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability

LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell ...
TechRepublic

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk Your email has been sent A vulnerability in a widely used WordPress accessibility plugin could allow ...

Microsoft Confirms SQL Zero-Day Security Vulnerability—Here’s The Fix

Microsoft has confirmed that a hacker who successfully exploits a zero-day SQL vulnerability could gain system administrator privileges. Here’s how to fix it.

Another worrying WordPress plugin security flaw could put 250,000 websites at risk

Ally was carrying an SQL injection flaw that allowed data exfiltration.
The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Hackers hijack WordPress sites to spread malware using fake CAPTCHA

A ClickFix attack can come in all shapes and sizes, including through compromised WordPress websites.
CNET

Tired of Your Full Inbox? Here's How to Get Back 15GB of Free Gmail Storage Now

Jason Chun is a CNET writer covering a range of topics in tech, home, wellness, finance and streaming services. He is passionate about language and technology, and has been an avid writer/reader of ...