Searchenginejournal.com

WP Statistics WordPress Plugin Patches CSRF Vulnerability

The United States Government National Vulnerability Database (NVD) published an advisory about a vulnerability discovered in the WP Statistics WordPress plugin that affects up to 600,000 active ...
Searchenginejournal.com

WordPress Vulnerability In Shortcodes Ultimate Impacts 700,000 Sites

The United States government National Vulnerability Database (NVD) published an advisory about Shortcodes Ultimate WordPress plugin, warning that it was discovered to contain a Cross Site Request ...
Cyber Daily

US cyber agency adds 5 known exploited vulnerabilities to its KEV catalogue

Cisco IOS, Fortra GoAnywhere, and open-source database manager Adminer all make the cut in the latest CISA KEV update.
CSOonline

MLflow vulnerability enables remote machine learning model theft and poisoning

Patched in the latest version of MLflow, the flaw allows attackers to steal or poison sensitive training data when a developer visits a random website on the internet. This has been a pivotal year for ...
SecurityWeek

Organizations Warned of Exploited Sudo Vulnerability

CISA warned that a recently patched local privilege escalation vulnerability in Sudo has been exploited in the wild.
WPRI 12

Xeris Threat Lab Uncovers Metadata Forgery Vulnerability in MCP Servers

Silent metadata manipulation allows malicious MCP Servers to access unauthorized LLM data, exposing a new layer of AI infrastructure risk This isn’t a prompt injection or jailbreak; it’s a silent ...
Bleeping Computer

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. The ...