Flaws in social login mechanisms are leaving thousands of websites and a billion of their users vulnerable to account takeovers, API security company Salt Security warns. The latest research by Salt Security identified flaws in the access token verification step of the social sign-in process, part of the OAuth implementation on these websites.

Cisco has identified a critical security issue affecting its IOS XE software, specifically a zero-day vulnerability tracked as CVE-2023-20273 with a CVSS score of 7.2. This flaw is actively exploited by unknown threat actors to deploy a malicious Lua-based implant on vulnerable devices. Additionally, this zero-day was utilized in conjunction with CVE-2023-20198 (CVSS score: 10.0) to create an exploit chain.

In today’s digital age, our smartphones have become an essential part of our lives. They store sensitive information, offer access to personal accounts, and play a vital role in communication. As a result, it is crucial to stay updated on the latest security advisories, especially for mobile devices.

The world of cybersecurity is constantly evolving, and so are the threats to websites and online platforms. In a recent discovery, a dangerous new malware has emerged, camouflaging itself as a legitimate caching plugin, specifically targeting WordPress websites. This insidious backdoor has the potential to wreak havoc by creating rogue administrators, taking control of websites, and undermining both user privacy and SEO rankings. This blog post will delve into the details of this new threat, its disguise, and its capabilities.

In a world where our smartphones have become an essential part of our lives, it is crucial to ensure their security. Recently, the Indian government issued a critical warning for Android users, particularly those using Android versions 13 and older. This warning is significant, given the large number of Android users in India.

Cybersecurity is a top priority for organizations of all sizes, as cyber threats continue to evolve at an unprecedented pace. In response to this ever-changing landscape, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory (CSA) highlighting the top ten cybersecurity misconfigurations that leave organizations vulnerable to attack.

Apple has released an emergency security update to address two newly discovered zero-day vulnerabilities that have been actively exploited to attack iPhones and iPads.Apple has not confirmed any in-the-wild exploitation of the libvpx bug, but it is worth noting that Google and Microsoft have previously patched it as a zero-day in their products.The latest security update is available for all devices running iOS 17.0.3 and iPadOS 17.0.3 or later. Apple urges all users to install the update as soon as possible.

In the ever-evolving cybersecurity landscape, zero-day vulnerabilities have become prized commodities, fetching jaw-dropping sums of money on the black market. These zero-day exploits, which can be used to compromise popular instant messaging apps like WhatsApp, have recently reached a staggering valuation in the millions of dollars. The surge in demand for such exploits poses a grave threat to the security of the millions of users who rely on these platforms for communication.

In today’s digital landscape, where technology plays an increasingly vital role, security is paramount. The importance of safeguarding your systems against vulnerabilities cannot be overstated. In this context, we bring to your attention a critical security advisory regarding Supermicro baseboard management controllers (BMCs). Recent discoveries have unearthed a series of vulnerabilities in the Intelligent Platform Management Interface (IPMI) firmware used by Supermicro BMCs. These vulnerabilities have the potential to compromise system security and demand immediate attention from all stakeholders. Let’s delve into the details to understand the nature of the threat and how to protect your systems effectively.