Jan 25, 2023 | Podcast
A popular WordPress learning management system called LearnPress was affected by multiple critical-severity vulnerabilities, including SQL injection and local file inclusion. The vulnerabilities were patched on December 20, 2022 with the release of version 4.2.0....
Jan 24, 2023 | Podcast
Researchers from Trend Micro recently demonstrated how GitHub Codespaces can easily be configured to act as a web server for distributing malware. Launched in November 2022, GitHub Codespaces allows developers to deploy cloud-hosted platforms in virtualised containers...
Jan 23, 2023 | Podcast
There has been a rise in attackers using Microsoft OneNote attachments to spread malware and infect victims’ computers. Previously, attackers would use Microsoft Word and Excel attachments to distribute their malware. Those attachments would contain macros...
Jan 20, 2023 | Podcast
Proof-of-concept exploits for critical vulnerabilities in three popular WordPress plugins have been made publicly available. The plugins are ‘Paid Memberships Pro’, ‘Easy Digital Downloads’ and ‘Survey Marker’. These plugins are...
Jan 19, 2023 | Podcast
CircleCI has released a new security incident report providing more information on the attack they suffered earlier this month. They first learned about the attack from a customer reporting that their GitHub token had been compromised. Internal investigations...
Jan 18, 2023 | Podcast
Malicious Python packages designed to steal information from developers’ systems were recently discovered by Fortinet. The packages were uploaded to the Python Package Index between January 7 and 12 this year by an author named lolipop. The names of the...