On July 17, 2026, the WordPress Security Team released updates to WordPress core addressing two security vulnerabilities. The first is an unauthenticated SQL injection vulnerability identified as CVE-2026-60137, while the second can be chained with the SQL injection to increase…
Tag: EN
Apple Sued Over Hide My Email Privacy Claims
Apple faces a proposed class action alleging a Hide My Email flaw could expose users’ real addresses despite the company’s privacy claims. The post Apple Sued Over Hide My Email Privacy Claims appeared first on TechRepublic. This article has been…
New FCC Proposal Pits Phone Privacy Against Fraud Prevention
The FCC has proposed requiring identity verification for phone activation, a move supporters say will fight fraud while critics warn it threatens privacy. The post New FCC Proposal Pits Phone Privacy Against Fraud Prevention appeared first on TechRepublic. This article…
Critical Zoom Flaw Could Let Attackers Take Over Windows Accounts
Zoom patched a critical Windows flaw that could enable remote account takeover, along with three high-severity privilege-escalation vulnerabilities. The post Critical Zoom Flaw Could Let Attackers Take Over Windows Accounts appeared first on TechRepublic. This article has been indexed from…
Microsoft’s ‘Project Perception’ Could Challenge Anthropic’s Mythos in AI Security
Microsoft is reportedly developing Project Perception, a lower-cost AI security tool that would use multiple models to identify enterprise vulnerabilities. The post Microsoft’s ‘Project Perception’ Could Challenge Anthropic’s Mythos in AI Security appeared first on TechRepublic. This article has been…
23andMe Agrees to $18M Settlement With 43 States Over 2023 Data Breach
23andMe will pay $18 million to settle claims from 43 states over its 2023 data breach, which exposed genetic information tied to nearly 7 million people. The post 23andMe Agrees to $18M Settlement With 43 States Over 2023 Data Breach…
Million Email Phishing Campaign Uses Text Salting
Barracuda researchers identified more than one million phishing emails using text salting to manipulate AI-powered email security. The post Million Email Phishing Campaign Uses Text Salting appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets
Ernst & Young (EY) disclosed a data breach after attackers compromised a third-party IT support system containing client documents and tax information. Ernst & Young (EY) is disclosed a data breach linked to a compromised third-party support ticket system used…
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and…
The Zoom hack that says, ‘Don’t record me’
If every meeting, watercooler conversation, and date gets transcribed and summarized, who’s actually reading any of it? This article has been indexed from Security News | TechCrunch Read the original article: The Zoom hack that says, ‘Don’t record me’
Friday Squid Blogging: Squid Washing Up on Cape Cod Beach
Lots of articles about this. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. This article has been indexed from Schneier on Security Read…
The Department of Know: CMMC suspended, ShareFile shutdown, Context Bombing strikes back
“Context Bombing” flips the script on prompt injections Pentagon suspends CMMC Phase II requirements Old tech, new problems Get the show notes here: https://cisoseries.com/the-department-of-know-cmmc-suspended-sharefile-shutdown-context-bombing-strikes-back/ This week’s Department of Know is hosted by Rich Stroffolino, with guests Tom Hollingsworth, networking technology…
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte…
From Recon to Free Flights: Precision Prompt Attacks on AI Agents
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: From Recon to Free Flights: Precision Prompt Attacks on AI Agents
OpenSSL “HollowByte” Vulnerability Lets Hackers Crash Servers With Just 11 Bytes
A newly disclosed vulnerability in OpenSSL, dubbed “HollowByte,” allows a remote, unauthenticated attacker to trigger a denial-of-service (DoS) condition using a malicious payload as small as 11 bytes. Discovered by the Okta Red Team, the flaw exploits how OpenSSL pre-allocates…
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was…
Attackers are Exploiting Trust in 2026, not Just Technology
Attackers are exploiting trust, not just technology, making continuous identity verification more critical than ever. The post Attackers are Exploiting Trust in 2026, not Just Technology appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Top 25 Cybersecurity Companies in 2026
Learn about the top 25 cybersecurity companies in 2026 and what each does best. The post Top 25 Cybersecurity Companies in 2026 appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Top…
Industry reacts to Gold Eagle vulnerability management plan
<p>The tech industry is cautiously optimistic about the U.S. government’s announcement this week to create a centralized clearinghouse for AI-discovered vulnerabilities. The key, executives and analysts said, will be how well the new initiative executes on its mission to collect…
A cyberattack hit Nichirei, one of Japan’s largest food companies
A cyberattack hit one of Japan’s largest food companies, Nichirei, disrupting logistics and shipments. The company is gradually restoring operations. Nichirei is one of Japan’s largest food companies, best known for its frozen food business. Founded in 1942 and headquartered…