From a backdoor placed in the Webmin utility to vulnerability disclosure drama around zero-days in Valve’s Steam gaming clients, Threatpost breaks down this week’s top stories.
After Valve banned him from its bug bounty program, a researcher has found a second zero-day vulnerability affecting the Steam gaming client.
The phone company has sued the startup for copyright infringement.
Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn.
Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.
Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and slide-in messengers. Versions 126.96.36.199 and lower are affected by a persistent Cross-Site Scripting in the admin area. This plugin has over 40,000 installations and any attacker with a subscriber account
On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to get full control of affected websites — with over 70,000 reported active installs. Are you Affected? This vulnerability
The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain information such as the browser and operating system details, plus page visits to optimize the website analytics. Versions below 4.8.1 are affected by an unauthenticated stored XSS on the administrator
During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the WP Live Chat Support WordPress plugin. Current State of the Vulnerability Though this security bug has been fixed in the 8.0.27 release, it can be exploited by an attacker without any account in