Jul 6, 2023 | Podcast
Mitre has recently released their CWE Top 25 Most Dangerous Software Weaknesses list for 2023. CWE stands for Common Weakness Enumeration and this list demonstrates the currently most common and impactful software weaknesses. They are often easy to find and exploit by...
Jul 5, 2023 | Podcast
WordPress Plugin Ultimate Member is vulnerable to a privilege escalation vulnerability that allows attackers to gain administrator access to the wordpress site. The plugin claims that it is the number 1 user profile and membership plugin for wordpress, and it is used...
Jul 4, 2023 | Podcast
A high school in Illinois recently demonstrated how not to do a force password reset. Oak Park and River Forest High School was doing a cybersecurity audit when they mistakenly reset everyone’s password. This prevented the students from being able to log into...
Jul 3, 2023 | Podcast
It’s bad enough when apps you use suffers a data breach, its worse when apps you didn’t know you have gets breached. Android stalkerware app, LetMeSpy had suffered a data breach resulting from a security incident on June 21. The app is used to spy or stalk...
Jun 30, 2023 | Podcast
Everyone deserves privacy by default. That’s Proton’s slogan. Famously known for their encrypted and private email service, proton mail, the company had expanded to other secure and privacy focused services like VPN, calendar and cloud storage. This week,...
Jun 29, 2023 | Podcast
The JavaScript npm registry has a manifest confusion vulnerability which can allow the installation and execution of malicious files without the user’s knowledge. The attackers can do this by including a dependency that won’t show up on the npm website,...