80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. The plugin “Variation Swatches for WooCommerce,” installed across 80,000…

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021…

Russian language hacking forums warming up to Chinese hackers

Russian cybercrime and hacking forums are opening doors to Chinese and English-speaking threat actors, which so far had been a relatively restricted domain for them. Researchers at threat intelligence firm…

Russian Ransomware Gangs Might be Collaborating with Chinese Hackers

RAMP is a Russian-language forum that debuted in July 2021 and has drawn a lot of interest from researchers and cybercriminals alike.The forum was created on the same domain that…

Russian Cybercrime Forums Open Doors to Chinese-Speakers

Russian Cybercrime Forums Open Doors to Chinese-Speakers Security researchers have started to see a thawing of relations between Russian and Chinese and English-speaking threat actors. The Russian-speaking cybercrime world has…

WooCommerce Extension – Reflected XSS Vulnerability

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 1, 2021…

Learn Subscriptions: Course Structure and New Courses

With the Offsec Training Library (OTL) being a growing platform for continuous cybersecurity workforce development, we remain committed to delivering new content and expanding into new areas (dare we say,…

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

WordFence –  WordFence –  On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million…

Is a Consolidated Approach Better for WAAP Security?

Most organizations and industries are shifting to a digital environment as it is where the future is headed. It seems the environment is in a frenzy, but if you look…

SSL certificate research highlights pitfalls for company data, competition

Research into how the enterprise handles and deploys security certificates has revealed risks to data that may be overlooked.  On Thursday, the Detectify Labs team published a report based on…