Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover

Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.

Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure

Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities.

Wormable Apple iCloud Bug Allows Automatic Photo Theft

Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.

Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover

Less than 500 machines have been patched since U.S. Cyber Command issued an alert to patch a critical bug that’s under active exploit.

PayPal Subsidiary TIO Networks Suffers Breach Affecting 1.6 Million Users

Payments processor TIO Networks identified a security breach that potentially has compromised the personally identifiable information of 1.6 million people. PayPal, which acquired TIO in July for more than $230 million, suspended the company’s op…