The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can only be exploited if the 'gd' php extension is not loaded on the server.

Get the latest from VMware's security business including strategy, implementation, best practices, and updates from members of our staff.

Get up-to-date hot takes on the state of cybersecurity today, from responses to US-CERT alerts, to using the MITRE ATT&CK framework.

The Legit Security Blog. Our mission is to secure every organization's software factory (code, pipelines, infrastructure and people) for faster and more secure software releases.

A blog about vulnerabilities and attacks affecting VoIP and WebRTC applications and infrastructure by Enable Security.

The only non-profit, independent & volunteer based publication in the information security space. Cybersecurity articles written by hackers!

Security Joes is a multi-layered Incident Response company that specializes in IR, MDR & Red Teaming. The company was established by security researchers to first and foremost generate resilience against highly complex cyberwarfare incidents, extract vital evidence and attribute TTPs to threat actors and state-sponsored hacking groups. Based out of Israel, the company is constructed from a best-of-breed agnostic team of threat hunters, responders & security researchers, hand-picked from all over the world, to provide 24x7x365 “follow-the-sun” coverage.

Check out the latest news & insights from cybersecurity world. Stay ahead in the digital realm with our latest blogs. Explore insightful updates, practical tips, and expert tricks on cybersecurity. Enhance your online security knowledge today!

Stay up to date with the latest cybersecurity news and expert insights.

Learn more about the latest trends in fuzzing and software security testing in the new Code Intelligence blog.

Cybercrime Diaries offers an incisive exploration of the Russian language cybercriminal ecosystem. It aims to study how these hackers organize, interact, and attack their victims.

I'm a software developer, penetration tester and IT consultant.

Visit the Akamai Blog to learn more about what's going on in cybersecurity. Learn about our products and how we provide solutions to our customers.

Read the latest news, research and insights on GenAI Security from the team at Prompt Security.

Thoughts, research, reports, and more from Truffle Security Co.

Rapid7's cybersecurity experts break down the latest vulnerabilities, exploits, and attacks. Detect threats faster with trusted news, insights & threat intel.

Get the latest news and views from the leading voices in cloud security and secure digital transformation. Subscribe to the Zscaler blog and stay in the know.

All the latest news and insights about cybersecurity from Hack The Box. Hacking trends, insights, interviews, stories, and much more.

The home to the largest curation of resources for beginners in AI/ML security, from leading AI/ML threat researchers at Protect AI. Start your journey into AI/ML hacking today.

Null Byte is a white hat hacker world for anyone interested in hacking, science, networking, social engineering, security, pen-testing, getting root, zero days, etc.

Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.

Everything you need to know about Identity Infrastructure, Access Management, SSO and JWT Authentication.

Stay up to date on the latest industry trends, company news and research.

Gain insider insights on next-gen cybersecurity, cloud security, & vulnerabilities from our experts. Subscribe today & stay up-to-date on cybersecurity news.

In-depth security news and investigation.

The Vectra blog covers a wide range of cybersecurity topics, including exploits, vulnerabilities, malware, insider attacks, threat actors, artificial intelligence, and more. Start reading to learn more about us, and subscribe to stay current with the newest blog posts.

Internet threats and cybersecurity are constantly evolving. To protect yourself and your systems, make sure you know the latest threats and solutions. Learn more from our internet security blog.

Informative, solution-oriented content for security practitioners — from breaking news, expert analysis, and thought leadership to essential guides, articles, videos, blogs, and more.

Read the latest news and insights from our industry experts. Stay up-to-date on the latest cyber security news, emerging cyber threats and security industry best practices. Whether you’re a small business owner or a seasoned IT professional, the Binary Defense team offers insights to help protect your data.

Our latest stories, media coverage, and opinions of security leaders.

Read our expert tips and advice to help protect yourself from identity theft. Learn about data breaches, fraud, credit, and internet security from the pros at LifeLock by Norton.

Vaadata is a company specialized in pentest. We are passionate about security, both for its technical challenges and societal issues.

Malcore is designed to automate malware analysis and was designed by Internet 2.0’s top malware analysts Thomas Perkins. Malcore’s sandbox powered by AI is designed with speed and scalability. Malcore automates malware analysis, checks files and links.

Keeping You Informed. Keeping You Aware. Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Explore our latest articles and stay updated with the latest insights, guides, and best practices for LLM and AI cybersecurity.

Blog about reverse-engineering, hacking and breaking your software in every way imaginable.

Read Imperva’s news, articles, and insights about the latest trends and updates on data security, application security, and much more. Explore the Imperva blog.

Industry news, insights from cybersecurity experts, and new product, feature, and company announcements.

Hacker, red teamer, researcher. Likes to write infosec-focussed Python tools. This is my personal blog containing research on topics I find interesting, such as (Azure) Active Directory internals, protocols and vulnerabilities.

Node.js Secure Coding blog and educational training content. Master hands-on Node.js security with Node.js Secure Coding education and learn how to defend against JavaScript Command Injection vulnerabilities and gain backend development skills to exploit and prevent Path Traversal attacks by reviewing real-world vulnerable npm packages and insecure code.

It provides a platform for the cybersecurity community to share news, commentary and resources—all in one place. We’re extremely proud to offer a highly visible platform to those who work within cybersecurity or aspire to do so. We work with IT security professionals from around the globe, maintaining The State of Security as a platform for them to share their voice.

Level up your open source & cloud native application security knowledge. Stay up to date with news & happenings in cloud, container, serverless security & more!

Read the latest blogs on Threat Exposure Management from Hive Pro.

Cyber Security Blogs, News and Articles. Keep up-to-date with the latest news, articles, surveys, research on cyber security. Visit our cyber security blogs and find the latest cyber security trends.

Explore the latest cybersecurity trends and innovations, leading edge threat intelligence from FortiGuard Labs, Fortinet executive insights, and customer perspectives.

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Get the latest insights and analysis on global email threats, plus tips and tools from our experts on how to protect your business from attacks.

Practical and Affordable Cyber Security Training.

Useful online security tips and articles. True cyber security combines advanced technology and best practice. Get tips and read articles on how to take your online security even further.

Global Cybersecurity Threat Analysis and Hunting.

Cybersecurity is dynamic and ever-changing. Stay up-to-date with the latest threats, vulnerabilities and news on the Huntress blog.

Blog from AhnLab Security Emergency response Center.

Awesome write-ups from the world’s best hackers in topics ranging from bug bounties, CTFs, Hack the box walkthroughs, hardware challenges, and real-life encounters.

The latest updates on cybersecurity from today’s experts. Read about ransomware, vulnerabilities, and threat intelligence impacting businesses.

Well-documented, relevant, reliably discovered vulnerabilities and dedicated tools for pentesters by our IT security experts. TL;DR - we break things.

My name is Brandon Marshall (aka Marsh) I am currently working as an Offensive Security Researcher. A majority of my time is spent developing internal Red Team tooling, reverse engineering, and exploit creation.

Cyber security insights and guidance from the frontlines. Read expert perspectives and get all the latest cyber security industry news at the Mandiant blog.

How hackers start their afternoon. HackerNoon is a free platform with 25k+ contributing writers. 100M+ humans have visited HackerNoon to learn about technology.

Get the intelligence you need to detect, prevent & respond to cyber threats. Read the Intel 471 cyber threat intelligence blog.

Hey there, I am Gurkirat Singh (aka tbhaxor). This is my secret cave, where I will share my knowledge of computer science, mathematics, and physics.

Cyble Research and Intelligence Lab's latest findings and blogs.

At this site, you can get a lot of free material. Indeed, this site exists primarily to supply you with free samples as a means of encouraging your attention.

A collection of observations, guidance, information and opinion, on all things cyber, and information security, as well as company updates.

Peace of mind for you and your customers.

The Official Blog from Kaspersky covers information to help protect you against viruses, spyware, hackers, spam & other forms of malware.

Cybersecurity trends and news, with info about Morphisec, breach prevention, and zero trust endpoint, server, and workload security.

Blog from cocomelonc, a cybersec enthusiast, CTF player.

Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!

The Binarly REsearch team leads the industry in firmware vulnerability disclosure and advisories. Binarly is the world's most advanced automated firmware supply chain security platform. Using cutting-edge machine-learning techniques, Binarly identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.

Get unique perspectives on the latest issues, threats, techniques, and technologies facing the cybersecurity industry from our global experts.

All the recent articles and news delivered by your experts from Hunt & Hackett.

The best practices, latest research and breaking news in social media, mobile, digital and collaboration platforms.

All the latest VulnCheck news, straight from the team.

Blog from Adam Chester, Hacker and InfoSec Researcher.

Gain valuable insights for analysts, threat hunters, and SecOps professionals with our cybersecurity blog! Explore all posts or browse by category.

Arm yourself with up-to-date information & insights into building a successful cybersecurity strategy, w/ inputs from the StickmanCyber team & industry experts

The best internet privacy and online security blog. Regular news, opinion, and product updates from the world’s leading ultra-fast VPN service.

Learn more about Zafran solution, read recent blogs, articles and reports.

Dark Vortex provides various cybersecurity trainings, products and other services.

Stay informed on the latest in cyber threats, threat research, cyber risk and strategy. Read eSentire blog to learn how to become cyber resilient.

Frontline Mandiant investigations, expert analysis, tools and guidance, and in-depth security research.

AT&T Cybersecurity blogs offer news on emerging threats and practical advice to simplify threat detection, incident response, and compliance management.

Sekoia.io Blog sheds light on the state of the Cybersecurity Operations industry, from Threat analyses to highlights on solutions and partnerships as well as foundational contents on XDR, CTI and more.

The Ericom team and guest bloggers share their latest thinking on Zero Trust, SASE and the key cyber issues of the day.

We are the leading creator of original DNS threat intelligence. We’re proactive, not just defensive, using our insights to track threat actor infrastructure and disrupt cybercrime where threat actors begin. We also believe in sharing knowledge to support the broader security community by publishing detailed research on select actors and associated indicators.

Read ThreatLocker's latest blogs. Learn more about business cybersecurity solutions, ransomware protection, endpoint cybersecurity and more!

Phishing, social engineering, and modern threats.

From cybersecurity and big data to software development, IT Brew delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.

The official Bitdefender blogs. News, views and insights from Bitdefender cybersecurity experts for a safer digital experience.

Read our blog posts to learn about cybersecurity concepts, approaches, trends, news, techniques and more.

Get the latest dark web intelligence & cybersecurity insights from our experts - from industry trends to tips on new attack techniques. Find out more.

29 year old cybersecurity specialist, speaker, and ex-hacker. Best known for stopping the global WannaCry ransomware attack. Background in programming & threat intelligence.

Get regular updates from the world of cloud security. In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.

Read about the latest DevOps trends, news on JFrog products, launches, announcements and more.

Read articles covering industry thought leadership, PlexTrac updates, cybersecurity foundations, and much more.

Deep Instinct's Deep Learning Blog keeps professionals up to date on news and trends in the sophisticated deep learning, AI and cybersecurity industries. As our experts uncover critical findings, we find it only necessary to keep you informed. From perspective on recent threats to best practices in security we cover it.

Explore the Red Canary blog for expert tips on increasing visibility, expanding detection coverage, and improving information security. Security teams need an ally to help defend against adversaries. Check out our blog for breaking research and insights into threat detection, intelligence, and incident response.

Welcome to the Social Links OSINT blog! Get handpicked news stories, authentic case studies, and OSINT insights.

The latest news, tutorials, deep-dives, and more from Kolide.

Educating people on the use and abuse of AI.

Blog from K7 Security Labs.

The latest news and articles about cybersecurity, critical event management, asset tracking, and secure Internet of Things including automotive from BlackBerry.

Keep up to date with Halcyon's announcements and research here.

Learn about our latest cybersecurity threat research and coverage, product enhancements, insights, tips, and more.

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.

The Barracuda blog brings you the latest news, research, and insights you can’t get anywhere else.

Blog from Bedrock. Bedrock Security is at the forefront of revolutionizing data security in the cloud and GenAI era.

TeamT5 was established in 2017 by 5 security professionals who firmly believe that Taiwan has world-class security talents. TeamT5 consists of world-class cyber threat analysts with more than 20 years of experience. Leveraging our geographic and cultural advantages, we have the best understanding of cyber attackers in Asia Pacific. Based on our research in malware & Advanced Persistent Threat (APT), we provide cyber threat intelligence reports and anti-ransomware solutions to clients in the USA, Japan, and Taiwan. Clients include government agencies, financial business, telecom operators, high-tech enterprises, electronic manufacturing service companies, and managed security service providers (MSSP).

Talos intelligence and world-class threat research team better protects you and your organization against known and emerging cybersecurity threats.

Get to know Windows 11, the Windows that brings you closer to what you love. News and features for people who use and are interested in Windows, including announcements from Microsoft and its partners. News and more about hardware products from Microso.

The latest Security news, analysis, and insight from VentureBeat, the most authoritative source on transformative technology.

Expert insight, best practices, and advice on Secure DevOps, security for containers, Kubernetes, and cloud services. Review Sysdig blog posts today!

Blackwing Intelligence provides high-end security engineering, analysis, and research services for engineering focused organizations.

The Software Engineering Institute is leading and advancing software and cybersecurity to solve the nation's toughest problems.

Latest articles from SOCRadar. SOCRadar is a cloud-based autonomous early warning tool against cyber threats. Read our blog for the latest news about recent threats.

Thoughts, perspectives, and industry commentary from the Cobalt team. Insights for security leaders, pentesters and developers — all in one place. Learn more about how the world of App- and InfoSec is changing every day.

Latest web security & vulnerabilities, product releases, product docs and faq blogs.

Explore Our Blog for Cutting-Edge Cybersecurity Strategies.

Discover insightful articles and resources on Concentric AI's blog. Stay updated on the latest trends, tips, and best practices in data security and privacy.

Blog posts from Center for Internet Security.

The Proofpoint cybersecurity blog provides you with advanced cybersecurity intelligence and insights, threat research, and breaking cyber attack news. Get the latest news about advanced threats.

Extremely passionate about Windows exploit development, internals, C, Assembly, or anything low-level.

Red Teaming and offensive stuff.

Stay Ahead in Data Security, Governance, Privacy and Compliance. Explore expert insights on governance and data privacy at our blog. Stay informed with our thought-provoking articles, news, and industry updates.

Welcome to the Arkose Labs blog. Read informative articles on fraud prevention, account security, authentication, digital authenticity, and more.

The latest news and insights from Google on security and safety on the Internet.

Explore our articles about ML & AI. We cover such topics as LLMs, AI governance, AI safety & security, and many more!

We discuss hot topics, malware behavior, techniques, practices for analyzing malicious files, and of course, we will talk more about our online interactive sandbox.

Learn about what is cyber security, computer security, cyberfraud, cybercrime and more.

Web Application Security Researcher

Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.

Stay updated about the latest in the application security industry with news, tips and best practices from the security research team at Beagle Security.

Think out of the box. This blog talks about computer security. Tutorials about buffer overflow, Active Directory, everything is explained with examples.

Stay ahead with insightful articles on content marketing for revenue growth, technical content, and community growth strategies. Subscribe to receive them bi-weekly in your inbox.

Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and products. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Cybersecurity knowledge and tools from the Praetorian team. Read the latest insights and security techniques on the Praetorian blog, your source for cybersecurity expertise.

Explore thought leadership, industry insights, and other resources related to cybercrime detection, disruption, and takedowns.

Hackxpert Labs The Cheese Shop Our Courses.

Cybersecurity from the trenches, written by Kevin Beaumont. Opinions are of the author alone, not their employer.

The cybersecurity & digital trust blog by Wavestone's consultants.

Read the Forescout blog for insights into cybersecurity automation and research about vulnerabilities, threats and risks across IT, OT, IoT and IoMT devices.

Check out the official Hunter's blog to get the latest insights on cold email outreach, sales, marketing, growth, company news, and product updates.

A mix of in-depth nuanced takes on current events and highly technical original research by Marcus Hutchins. I cover a wide array of topics such as vulnerability research, threat intelligence, national security, reverse engineering, and Windows internals.

Blog from Red Siege. Red Siege is an information security company focusing on real world threats to you and your organization.

Cybersecurity, red team, blue team, hacking.

Get up-to-date insights and the scoop on new tools and tricks to help you improve your security program.

The TechRepublic team has one simple goal; helping you make great decisions about technology. From breaking IT news to best practices, advice, and how-tos…our global team of tech journalists, industry analysts and real-world IT professionals has the tech market covered like no other site.

Stay up-to-date on the latest in top security news and industry perspectives from the Flare team.

View the latest Salt blog posts on API security and subscribe to our education series.

Security Bloggers Network has been promoting and distributing Cybersecurity news and blogs from some of the leading experts in the security industry for over 12 years.

Sharing Mitiga’s latest threat intelligence and research, cloud IR insights, and company news.

Find cybersecurity trends, Dragos product updates, partnerships, emerging industrial cyber threats, OT security best practices, and more.

Cybersecurity keynote speaker, news and opinion.

Product, Engineering, and Marketing updates from the developers of Sentry.

Blog from ThreatMon. ThreatMon is a technology company that specializes in delivering comprehensive cybersecurity solutions tailored to the specific needs of businesses. ThreatMon delivers an intelligence-driven cybersecurity solution. Established in 2018, our company is devoted to safeguarding digital assets from external threats. Our cutting-edge cybersecurity solutions, meticulously crafted by experienced professionals, seamlessly integrate Threat Intelligence, External Attack Surface Management, and Dark Web Intelligence. By leveraging these technologies, we proactively identify vulnerabilities and provide tailored security solutions to our clients.

Cyber Security Awareness and Vulnerabilities Blog.

Information security guidance, regulatory agency releases, association and industry memos, research and more from BankInfoSecurity.

News and insights on the cybersecurity industry and trending topics. Regular updates, commentary, and the point of view from Blaze’s world-class cyber experts.