Vulnerabilities & Exploits

A WordPress GDPR plugin for managing cookies exposed sites to a vulnerability that allowed privilege escalation.

Complex and persistent threats riddled the cybersecurity landscape of 2019. Ransomware attacks found a niche in high-profile targets, while phishing scams came up with novel subterfuges.

The ThemeGrill Demo Importer plugin was found to leave nearly 100,000 WordPress websites vulnerable to threats.

On January 17, Microsoft published an advisory (ADV200001) warning users about CVE-2020-0674, a remote code execution (RCE) vulnerability involving Microsoft’s Internet Explorer (IE) web browser.

Security researchers have released PoCs for critical vulnerability CurveBall (CVE-2020-0601).

Researchers uncovered an information disclosure vulnerability (designated as CVE-2019-1463) affecting Microsoft Access, which occurs when the software fails to properly handle objects in memory.

What is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.

Researchers discovered a vulnerability in Android devices that allows malware to hijack legitimate apps. Using this vulnerability, cybercriminals could trick users into granting permissions to their malicious apps and provide openings for phishing pages.

Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.