Three popular WordPress plugins with tens of thousands of active installations are affected by high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.
Housing, mental health: Oregon lawmakers face linked crises
Homelessness, mental health and addiction treatment will be among the top issues for Oregon lawmakers when the legislative session starts on Tuesday.
Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries
A pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.
Three ex-employees say SoundHound laid off ~200 people, or ~50% of staff, with two weeks of severance that will only be paid if the company can raise more money (Mack DeGeurin/Gizmodo)
The massive restructuring comes just one yea…
British-Iranian national Alireza Akbari ‘executed’ in Iran – report
British-Iranian national Alireza Akbari, a former senior defence official in Iran accused of working for British intelligence, has been executed, according to Iran’s state media.
People are selling compromised credentials from organisations everywhere. How do they get them in the first place?
Seems like a lot of notorious ransomware groups are essentially buying access through stolen credentials.
How are people obtaining creds though?
I’m assuming things like dictionary attacks against public facing servers are a very unlikely method. But maybe I’m wrong.
haveibeenpwned databases with cracking maybe?
Anyone with actual experience with Blackhat care to share some light?
submitted by /u/thehunter699
Most Cacti Installations Unpatched Against Exploited Vulnerability
In December 2022, the tool’s maintainers announced patches for CVE-2022-46169, a critical-severity command injection flaw that could allow unauthenticated attackers to execute code on the server running Cacti, if a specific data source was used.
Brazil’s Supreme Court agrees to probe Bolsonaro for riot
Brazil’s Supreme Court has agreed to investigate whether former president Jair Bolsonaro incited the far-right mob that ransacked the country’s Congress, top court and presidential offices, a swift escalation in the probe that shows the ex-leader could…
Biden welcomed back to Georgia after laying low in midterms
During the 2022 midterm campaign, President Joe Biden steered clear of Georgia as Sen. Raphael Warnock, like other battleground-state Democrats, sought to distance himself from the White House amid an inflationary economy and the president’s lagging ap…