A newly disclosed a pre-authentication remote code execution (RCE) vulnerability in WordPress Core, dubbed “wp2shell,” that requires no authentication and affects stock WordPress installations with zero plugins installed. Given that WordPress powers an estimated 500 million websites globally. The flaw…
Tag: EN
Prompt Injection Attacks Are Thwarting AI Hacking Agents
“Context bombing” tricks malicious AI agents into shutting down before they can do harm. This article has been indexed from Security Latest Read the original article: Prompt Injection Attacks Are Thwarting AI Hacking Agents
EY Data Breach – Hackers Access Third-Party IT Support Platform and Steal Client Tax Documents
Ernst & Young LLP (EY) has confirmed a data security incident in which an unauthorized third party breached a third-party IT service management platform used by its tax practice, exfiltrating documents containing client personal and financial information. The Big Four…
OpenSSL DoS Vulnerability Lets Remote Attackers Exhaust Server Memory With an 11-Byte Payload
A newly disclosed vulnerability reminds us how deeply our digital infrastructure relies on foundational libraries. The Okta Red Team recently discovered “HollowByte,” a Denial of Service (DoS) flaw in OpenSSL that allows a remote, unauthenticated attacker to force a server…
Citrix Secure Access Client Flaw Lets Low-Privileged Windows Users Gain SYSTEM Privileges
Cloud Software Group has issued a High-severity security bulletin (CTX696734) disclosing two vulnerabilities in the Citrix Secure Access Client for Windows and the Citrix Endpoint Analysis Client for Windows. The more serious of the two, tracked as CVE-2026-53565, allows a…
AI Is Supercharging Cyberattacks | Cybersecurity Today On The Weekend | July 18, 2026
Artificial intelligence is changing cybersecurity on both sides of the battle. While defenders are adopting AI to improve detection and response, attackers are using it to discover vulnerabilities, automate exploitation, and dramatically accelerate the pace of attacks. In this episode…
Why Operational Resilience and Digital Sovereignty Top the CIO Agenda – by Martin Lentle
For CIOs across the Middle East Africa, keeping systems online is the foundation of customer trust. As public sector institutions and private enterprises accelerate their digital transformation, maintaining this operational uptime is the top priority. In a complex business landscape,…
Agentic AI, Red Hat OpenShift, and NVIDIA: Shifting to precision security
Red Hat is pioneering the use of agentic AI to shift vulnerability management from volume to precision. By combining the security-hardened foundation of Red Hat OpenShift with advanced AI frameworks from NVIDIA, we’re delivering actionable security intelligence that provides genuine…
New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released
A critical pre-authentication remote code execution (RCE) vulnerability dubbed “wp2shell” has been discovered in WordPress Core, putting an estimated 500 million+ websites at risk of full takeover by unauthenticated attackers. Security researcher Adam Kues of Searchlight Cyber’s Assetnote research team…
PSA: WordPress Core Patched Unauthenticated Remote Code Execution Vulnerability Chain
On July 17, 2026, the WordPress Security Team released updates to WordPress core addressing two security vulnerabilities. The first is an unauthenticated SQL injection vulnerability identified as CVE-2026-60137, while the second can be chained with the SQL injection to increase…
Apple Sued Over Hide My Email Privacy Claims
Apple faces a proposed class action alleging a Hide My Email flaw could expose users’ real addresses despite the company’s privacy claims. The post Apple Sued Over Hide My Email Privacy Claims appeared first on TechRepublic. This article has been…
New FCC Proposal Pits Phone Privacy Against Fraud Prevention
The FCC has proposed requiring identity verification for phone activation, a move supporters say will fight fraud while critics warn it threatens privacy. The post New FCC Proposal Pits Phone Privacy Against Fraud Prevention appeared first on TechRepublic. This article…
Critical Zoom Flaw Could Let Attackers Take Over Windows Accounts
Zoom patched a critical Windows flaw that could enable remote account takeover, along with three high-severity privilege-escalation vulnerabilities. The post Critical Zoom Flaw Could Let Attackers Take Over Windows Accounts appeared first on TechRepublic. This article has been indexed from…
Microsoft’s ‘Project Perception’ Could Challenge Anthropic’s Mythos in AI Security
Microsoft is reportedly developing Project Perception, a lower-cost AI security tool that would use multiple models to identify enterprise vulnerabilities. The post Microsoft’s ‘Project Perception’ Could Challenge Anthropic’s Mythos in AI Security appeared first on TechRepublic. This article has been…
23andMe Agrees to $18M Settlement With 43 States Over 2023 Data Breach
23andMe will pay $18 million to settle claims from 43 states over its 2023 data breach, which exposed genetic information tied to nearly 7 million people. The post 23andMe Agrees to $18M Settlement With 43 States Over 2023 Data Breach…
Million Email Phishing Campaign Uses Text Salting
Barracuda researchers identified more than one million phishing emails using text salting to manipulate AI-powered email security. The post Million Email Phishing Campaign Uses Text Salting appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets
Ernst & Young (EY) disclosed a data breach after attackers compromised a third-party IT support system containing client documents and tax information. Ernst & Young (EY) is disclosed a data breach linked to a compromised third-party support ticket system used…
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and…
The Zoom hack that says, ‘Don’t record me’
If every meeting, watercooler conversation, and date gets transcribed and summarized, who’s actually reading any of it? This article has been indexed from Security News | TechCrunch Read the original article: The Zoom hack that says, ‘Don’t record me’
Friday Squid Blogging: Squid Washing Up on Cape Cod Beach
Lots of articles about this. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. This article has been indexed from Schneier on Security Read…