A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 4.9.0.1, which allows the deletion of any server in the Setup page.
phpMyAdmin zero-day vulnerability (CVE-2019-12922) Read More »
UK’s cybersecurity organization NCSC issued a warning that Python 2 is fast approaching its end-of-life (EOL) on January 1, 2020. After that time, organizations will no longer be able to get bug fixes or security patches.
Python 2 fast approaching EOL, poses future security risks Read More »
First American Financial Corp., one of the world’s largest real estate title insurance companies, exposed hundreds of millions of title insurance customer financial records.
First American Financial Corp. leaks hundreds of millions of customer records Read More »
Multiple vulnerabilities have been discovered in Jenkins plugins that could lead to information disclosure. The three affected plugins are Swarm, Ansible and GitLab.
Multiple Jenkins plugin vulnerabilities Read More »
Security researchers from Trend Micro have uncovered a Magecart skimming attack that targeted 201 online campus stores in the United States and Canada.
Magecart skimming attack targets online campus stores Read More »
Facebook provided an update to a previously disclosed incident involving insecurely storing “tens of thousands” of Instagram users’ passwords on internal servers in clear text. Facebook now says that “millions” of Instagram accounts are now impacted.
Facebook says Millions of Instagram passwords stored in clear text Read More »
The Apache Software Foundation has released new Apache Tomcat versions and mitigations to address a remote code execution (RCE) vulnerability.
Apache patches Tomcat RCE vulnerability Read More »
Multiple VPN applications are vulnerable to not properly encrypting sensitive data and insecurely storing session cookies.
VPN applications exposed to critical vulnerability Read More »
A newly discovered botnet dubbed Xwo has been scanning the internet for exposed web services and default passwords. The malware was discovered by AT&T’s Alien Labs back in March and is related to malware families MongoLock and Xbash.
Xwo botnet scans for exposed web services and default passwords Read More »
Cyber attackers have compromised hundreds of CMS sites running WordPress or Joomla to serve up Shade ransomware and phishing pages in the wild.
Compromised WordPress, Joomla sites used to spread Shade ransomware Read More »
