CISA warns of remote code execution vulnerability with Discourse

Open Source CISA urged developers to update Discourse versions 2.7.8 and earlier in a notice sent out on Sunday, warning that a remote code execution vulnerability was tagged as “critical.” …

Site Deletion Vulnerability in Hashthemes Plugin

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 25, 2021,…

Admins Urged by CISA to Patch Critical RCE Bug Found in Discourse

A critical RCE flaw discovered in the open-source Internet forum Discourse tracked as CVE-2021-41163, has been addressed in an urgent update on Friday. What Is Discourse? Discourse, which was founded in…

BQE Web Suite Billing App Rigged to Inflict Ransomware

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware. Threat actors have been…

BillQuick Billing App Rigged to Inflict Ransomware

A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware. Threat actors are picking…

BillQuick says patch coming after Huntress report identifies vulnerabilities used in ransomware attack

BillQuick has said a short-term patch will be released addressing some of the vulnerabilities identified this weekend by cybersecurity firm Huntress.  In a blog post on Friday, Huntress security researcher…

CISA Urges Sites to Patch Critical RCE in Discourse

The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central. Discourse – the ultra-popular,…

WinRAR vulnerability allowed attackers to remotely hijack systems

The vulnerability in WinRAR trialware could be abused by a remote attacker for executing arbitrary code on any system thus, getting an opportunity to launch a range of attacks. According…

Cisco SD-WAN Security Bug Allows Root Code Execution

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw. Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could allow…

C2 Communication Is Enabled via WebSockets in a Fresh PurpleFox Botnet Version

PurpleFox botnet, the well-known Dirty Moe, goes on and develops more vulnerability exploits and payloads. The fresh news on this botnet shows how this time it establishes C2 communication via…