Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover
A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on…
Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree
The company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed…
Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity…
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws…
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to…
Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme
Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for…
Flexible Structure of Zip Archives Exploited to Hide Malware Undetected
Attackers abuse concatenation, a method that involves appending multiple zip archives into a single file, to deliver a variant of…
Microsoft Power Pages Leak Millions of Private Records
Less-experienced users of Microsoft’s website building platform may not understand all the implications of the access controls in its low-…