A pair of popular WordPress plugins used to help sites cache content have fixed serious vulnerabilities that attackers could exploit simply by including special HTML code in a comment. Both WP Super ...

Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability ...

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577, this PHP-CGI ...

Cenzic, a provider of Web application security vulnerability assessment and risk management solutions, has released their Web Application Security Trends Report – Q1-Q2, 2009. Among the findings of ...

Security researchers have warned users of a popular WordPress plugin that they need to patch urgently or risk their site being remotely hijacked. Security vendor Wordfence has revealed a new PHP code ...

The Federal Bureau of Investigations (FBI) is warning that someone is scraping credit card data from the checkout pages of US businesses' websites. "As of January 2022, unidentified cyber actors ...

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP ...

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open ...

If your eyes glazed over at the recent announcement of an “SQL injection” vulnerability in WordPress, take heart. You’re not alone. SQL injection attacks are a common kind of security flaw, but are ...