Cybersecurity firm Trustwave has uncovered a vulnerability in the website CMS, Umbraco. The organization posted about the bug, which is a privilege escalation issue, on their website earlier this week. The flaw allows for low privileged users to elevate themselves to the status of admin and reap associated benefits and

Security researchers have discovered critical vulnerabilities in the official Facebook for WordPress plugin, finding that they can be abused to upload arbitrary files which would likely lead to remote code execution. Wordfence researchers recently released a warning advising users to exercise caution and to implement Facebook’s patch as soon as

Attackers are currently targeting WordPress users who have not implemented patches to their plugins. Thrive Themes, a company that offers various products connected to WordPress, recently released patches for vulnerabilities within its services. However, researchers found that users who have failed to implement the fixes are being actively targeted by

The US Cybersecurity and Infrastructure Security Agency has warned of critical severity flaws that lie within General Electric’s Universal Relay power management devices. The flaws could allow for denial-of-service attacks, allow an attacker to access unauthorized sensitive information, reboot the Universal Relay, and gain privileged access. The CISA stated that

Cisco has allegedly fixed a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches. The vulnerability could allow for a remote attacker to bypass authentication, according to the company. The bug is one of three critical flaws patched by Cisco this past week. The

An open-source cryptographic library service called Libgcrypt is in hot water after a critical vulnerability was reported in their software. The vulnerability lies in the GNU Privacy Gaurd (GnuPG) module, relying on the ‘libgpg-error’ message. However, researchers have reported that the code can be used independently through more complicated means.

A new flaw discovered in Cisco’s web-based management interface of the Cisco DNA Center opens up organizations to cross-site request forgery (CSRF) attacks. This can lead to remote attack and takeover, Cisco says. The high severity vulnerability is tracked as CVE-2021-1257 and boasts a severity score of 7.1 on the

Amazon has distributed an $18,000 bug bounty to a researcher who discovered an exploit that allowed an attacker to take complete control over a Kindle e-reader device, just by knowing the targeted user’s email address. The attack is referred to as KindleDrip and was first identified in October of 2020

Security researchers have discovered a hardcoded admin-level backdoor account on more than 100,000 Zyxel firewalls, VPN gateways, and access point controllers. These backdoor accounts can grant attackers root access via the web administration panel or the SSH interface, making the situation a critical threat to consumers. The backdoor account was

Google has issued an update for its Chrome web browser, fixing several vulnerabilities that could allow a threat actor to conduct computer compromise through a browser hack. The bug affects desktop versions of the browser, and the update fixed a total of eight bugs present within the current version with