Avada Builder WordPress plugin flaws allow site credential theft
… The issue exists because user-controlled input from the product order parameter was inserted into an SQL ORDER BY clause without proper query preparation. …
Search
Ubiquiti patches three max severity UniFi OS vulnerabilities
… Ubiquiti products have been targeted by both state-backed hacking groups and cybercriminals in recent years, in campaigns that hijacked them to build botnets that concealed the threat actors' malicious activity. …
New Fragnesia Linux flaw lets attackers gain root privileges
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." In April, Linux distros patched another root-privilege escalation vulnerability dubbed Pack2TheRoot in the PackageKit daemon that h… …
New critical Exim mailer flaw allows remote code execution
… To mitigate the risk, users of Ubuntu and Debian-based Linux distributions should apply the available Exim updates v4.99.3 through their package managers. …
Max severity Cisco Secure Workload flaw gives Site Admin privileges
… 3.10 3.10.8.3 4.0 4.0.3.17 The company also added that its Product Security Incident Response Team PSIRT has not found evidence that the vulnerability has been exploited in the wild before publishing this week's advisory. …
New Linux 'Dirty Frag' zero-day gives root on all major distros
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." In April, Linux distros patched another root-privilege escalation vulnerability dubbed Pack2TheRoot that had been found after a dec… …
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
… The analyzed posts show a threat actor aggressively building a commercial cybercrime product around the malware. …
Microsoft plans to improve Windows 11 driver quality in 2026
… While the lack of an event doesn’t necessarily mean poor drivers, users have observed a decrease in quality, as monthly driver updates would frequently cause BSODs or artifacts in games. …
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
… In one promotional post, the actor explains that affiliates provide “traffic through phishing links, fake websites, and similar methods,” while the service manages “signatures, approvals, and token transfers.” The same post describes the service as commission-based and presents Lucifer Drainer as a… …
Trend Micro warns of Apex One zero-day exploited in the wild
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." On Thursday, Trend Micro also released security updates to address seven local privilege escalation vulnerabilities in the Apex One… …