The Discovery of a Polygon Vulnerability Rewarded with a Prize to the Tune of $2 Million

A bug bounty reward worth $2 Million went to researcher Gerhard Wagner based on his discovery of a critical flaw located in Polygon’s Plasma Bridge. If successfully exploited, this Polygon…

Site Deletion Vulnerability in Hashthemes Plugin

WordFence – Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 25, 2021,…

Admins Urged by CISA to Patch Critical RCE Bug Found in Discourse

A critical RCE flaw discovered in the open-source Internet forum Discourse, tracked as CVE-2021-41163, has been addressed in an urgent update on Friday. What Is Discourse? Discourse, which was founded in…

Nobelium APT Group: A New Supply Chain Attack where Tech Resellers Are Targeted

The Nobelium APT group, the one behind the famous SolarWinds attack and also associated with Russia’s spy agency, seems to be re-entering the threat landscape. This time its targets are tech resellers,…

Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan

A new survey suggests the majority of US executives have encountered a cybersecurity incident but this has not translated into the creation of incident response plans. On Tuesday, Deloitte published…

SolarWinds hackers, Nobelium, hit cloud providers and resellers

So far, Microsoft has informed 140 companies about the new attack campaign being carried out by Nobelium, 14 of which were compromised by the group. The IT security researchers at…

BQE Web Suite Billing App Rigged to Inflict Ransomware

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware. Threat actors have been…

BillQuick Billing App Rigged to Inflict Ransomware

A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware. Threat actors are picking…

BillQuick says patch coming after Huntress report identifies vulnerabilities used in ransomware attack

BillQuick has said a short-term patch will be released addressing some of the vulnerabilities identified this weekend by cybersecurity firm Huntress. In a blog post on Friday, Huntress security researcher…

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

The Nobelium group, linked to Russia’s spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers – and it’s working. The SolarWinds attackers –…