This Month in Cybersecurity - October Edition

JetPack Plugin Patches After Affecting 27 Million Sites

The Jetpack WordPress plugin, used on millions of sites, has released a critical security update to fix a vulnerability that allowed logged-in users to view others' submitted forms. This issue was discovered during an internal audit and has existed since 2016. Jetpack, part of Automattic, collaborated with the WordPress.org Security Team to ensure that users receive the update automatically, addressing the flaw in numerous versions of the plugin.

Read More

This Month in Cybersecurity - September Edition

Windows Vulnerability Exploited as Zero-Day

Microsoft has recently highlighted a significant security vulnerability in Windows, known as CVE-2024-43461, which affects the retired Internet Explorer browser. Although Internet Explorer is no longer actively used, the underlying platform it utilized remains part of Windows and can still pose risks. This vulnerability allows attackers to run malicious code if a user inadvertently visits a harmful webpage or opens a tainted file. The flaw, which can mislead users about the true nature of a downloaded file, was exploited in the wild prior to its patching in September 2024.

Read More