Security News
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently...
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked...
A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. The security bug was discovered by a team of bug hunters known as Nex Team, who reported it to WordPress security firm Wordfence under a recently launched bug bounty program.
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable...
Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity score of at least 9.0 out of 10, based on Atlassian's internal assessment. Due to the popularity of Atlassian products and their extensive deployment in corporate environments, system administrators should prioritize applying the available updates.
Atlassian has released security updates for four critical vulnerabilities in its various offerings that could be exploited to execute arbitrary code. CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote code execution.
A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS. Collectively tracked as Sierra:21,...
Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below -...
Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own - the links it contained weren't live for all readers at the time of despatch. The email, seen by The Register, warns of flaws rated 9.0 or higher on the Common Vulnerability Scoring System scale and offers a link to an advisory.
A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws discovered by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS. AirLink routers are highly regarded in the field of industrial and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity.