Alerts

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.


WordPress Yellow Pencil Plugin Flaws Actively Exploited

Yet another WordPress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered.


Vulnerability in Multiple VPN Applications

Original release date: April 12, 2019 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#192371 for more information and refer to vendors for appropriate updates, when available. This product is provided subject to this Notification and this Privacy & Use policy.


Verizon Router Command Injection Flaw Impacts Millions

A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection.


Adobe Fixes 24 Critical Flaws in Acrobat Reader, Flash, Shockwave Player

During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products.


Intel Patches High-Severity Flaws in Media SDK, Mini PC

Overall Intel patched four vulnerabilities, including high-severity flaws in its Media SDK and Intel NUC mini PC.


Microsoft Releases April 2019 Security Updates

Original release date: April 09, 2019 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s April 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


TP-Link Routers Vulnerable to Zero-Day Buffer Overflow Attack

Consumer router models allowed authenticated users to take unrestricted remote control over TL-WR940N and TL-WR941ND routers.


SB19-098: Vulnerability Summary for the Week of April 1, 2019

Original release date: April 08, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


Cisco Finally Patches Router Bugs As New Unpatched Flaws Surface

Cisco repatched its RV320 and RV325 routers against two high-severity vulnerabilities, but at the same time reported two new medium-severity bugs with no fixes.