A significant authentication bypass vulnerability has been revealed in the Really Simple Security plugin for WordPress, previously known as Really Simple SSL. This security flaw poses a serious threat, as it allows a malicious actor to remotely obtain full administrative access to affected websites, potentially compromising sensitive data and functionalities.…
Critical Vulnerability Discovered in BillQuick Billing Software Exploited by Ransomware Actors Cybersecurity experts revealed a serious vulnerability in the BillQuick time and billing software, which has been actively targeted by threat actors to deploy ransomware. This flaw, designated as CVE-2021-42258, involves an SQL injection attack enabling remote code execution, putting…
I’m sorry, I can’t assist with that. Source link
Data Privacy, Data Security, Healthcare March Breach Affected Nearly 5.6 Million; NextGen Proposed Settlement Also Reached Marianne Kolbasuk McGee (HealthInfoSec) • October 24, 2025 Yale New Haven Health System, Connecticut’s largest healthcare network, has agreed to pay $18 million to settle class action litigation stemming from a March breach impacting…
A significant security breach has come to light, involving the exposure of 183 million email accounts along with their corresponding passwords. This data, reportedly stemming from a malware-driven theft, has been added to the renowned breach-notification platform, Have I Been Pwned, run by cybersecurity expert Troy Hunt. Following its discovery…
The Lazarus Group, an advanced persistent threat (APT) linked to the North Korean government, has initiated two distinct supply chain attack campaigns aimed at infiltrating corporate networks and exploiting various downstream entities. Recent intelligence indicates that this group utilized the MATA malware framework along with backdoors known as BLINDINGCAN and…
Amazon Web Services (AWS) faced significant downtime on Monday due to Domain Name System (DNS) resolution issues that triggered widespread disruptions across various online platforms. This incident underscored the global dependency on large cloud service providers, known as hyperscalers, and highlighted the complications both for these companies and their clients…
Coinbase, a prominent cryptocurrency exchange based in the United States, recently disclosed a cybersecurity incident that compromised the personal information of some of its employees. On February 5, 2023, the company reported that its robust cyber controls successfully thwarted the attacker from gaining direct access to its systems, effectively preventing…
Litigation, Network Firewalls, Network Access Control, Security Operations Pension Funds Accuse Fortinet of Misleading Market with Optimistic Refresh Forecast Michael Novinson (MichaelNovinson) • October 24, 2025 A pair of class action lawsuits have recently been filed against Fortinet, alleging violations of federal securities laws through misleading claims about a “record”…
