The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
#BLOG

Read ThreatLocker's latest blogs. Learn more about business cybersecurity solutions, ransomware protection, endpoint cybersecurity and more!

Sharing Mitiga’s latest threat intelligence and research, cloud IR insights, and company news.

Red Teaming and offensive stuff.

At this site, you can get a lot of free material. Indeed, this site exists primarily to supply you with free samples as a means of encouraging your attention.

Phishing, social engineering, and modern threats.

CBT Nuggets is the best way to learn IT, our blog is the best way to learn about CBT Nuggets.

Cybercrime Diaries offers an incisive exploration of the Russian language cybercriminal ecosystem. It aims to study how these hackers organize, interact, and attack their victims.

Advance your proactive security knowledge by learning from some of the brightest people in cybersecurity. Our executive blog gives perspective on industry trends, while Hack Responsibly dives deep into the latest CVEs and tactical approaches our team takes. Take your pick!

Explore Our Blog for Cutting-Edge Cybersecurity Strategies.

Get regular updates from the world of cloud security. In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.

All the latest news and insights about cybersecurity from Hack The Box. Hacking trends, insights, interviews, stories, and much more.

The Vectra blog covers a wide range of cybersecurity topics, including exploits, vulnerabilities, malware, insider attacks, threat actors, artificial intelligence, and more. Start reading to learn more about us, and subscribe to stay current with the newest blog posts.

Keep up with the latest news in cybersecurity with insight from our team of experts.

The TechRepublic team has one simple goal; helping you make great decisions about technology. From breaking IT news to best practices, advice, and how-tos…our global team of tech journalists, industry analysts and real-world IT professionals has the tech market covered like no other site.

Security Bloggers Network has been promoting and distributing Cybersecurity news and blogs from some of the leading experts in the security industry for over 12 years.

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Read articles covering industry thought leadership, PlexTrac updates, cybersecurity foundations, and much more.

Blog from Red Siege. Red Siege is an information security company focusing on real world threats to you and your organization.

The Legit Security Blog. Our mission is to secure every organization's software factory (code, pipelines, infrastructure and people) for faster and more secure software releases.

Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and products. We combine high-­end security research with a real­ world attacker mentality to reduce risk and fortify code.

Check out our latest threat hunting articles, tips and stories.

Visit the Akamai Blog to learn more about what's going on in cybersecurity. Learn about our products and how we provide solutions to our customers.

The Ericom team and guest bloggers share their latest thinking on Zero Trust, SASE and the key cyber issues of the day.

Get to know Windows 11, the Windows that brings you closer to what you love.News and features for people who use and are interested in Windows, including announcements from Microsoft and its partners.News and more about hardware products from Microso.

NEW

Sonar is the home of Clean Code. Our blog showcases our products. SonarLint, SonarQube & SonarCloud - trusted by 400k+ organizations globally.

Explore the Red Canary blog for expert tips on increasing visibility, expanding detection coverage, and improving information security. Security teams need an ally to help defend against adversaries. Check out our blog for breaking research and insights into threat detection, intelligence, and incident response.

With Resolution Intelligence Cloud, our data analytics platform, we turn complex big data into actionable intelligence. Learn more about it from our Blog.

Hey there, I am Gurkirat Singh (aka tbhaxor). This is my secret cave, where I will share my knowledge of computer science, mathematics, and physics.

Sekoia.io Blog sheds light on the state of the Cybersecurity Operations industry, from Threat analyses to highlights on solutions and partnerships as well as foundational contents on XDR, CTI and more.

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Frontline Mandiant investigations, expert analysis, tools and guidance, and in-depth security research.

Stay up-to-date on the latest in top security news and industry perspectives from the Flare team.

Get up-to-date insights and the scoop on new tools and tricks to help you improve your security program.

Stay up-to-date with industry insights and trends by reading Analyst1's informative blog. Explore our extensive range of topics and stay informed.

NEW

Stay up-to-date on the latest cybersecurity topics and security operations thought leadership from ReliaQuest experts.

Malcore is designed to automate malware analysis and was designed by Internet 2.0’s top malware analysts Thomas Perkins. Malcore’s sandbox powered by AI is designed with speed and scalability. Malcore automates malware analysis, checks files and links.

Global Cybersecurity Threat Analysis and Hunting.

Follow the latest phishing trends by reading articles published by the CanIPhish team.

Get the latest news and views from the leading voices in cloud security and secure digital transformation. Subscribe to the Zscaler blog and stay in the know

The only non-profit, independent & volunteer based publication in the information security space. Cybersecurity articles written by hackers!

Deep Instinct's Deep Learning Blog keeps professionals up to date on news and trends in the sophisticated deep learning, AI and cybersecurity industries. As our experts uncover critical finders, we find it only necessary to keep you informed. From perspective on recent threats to best practices in security we cover it.

Cybersecurity keynote speaker, news and opinion.

Web Application Security Researcher

The home to the largest curation of resources for beginners in AI/ML security, from leading AI/ML threat researchers at Protect AI. Start your journey into AI/ML hacking today.

Gain valuable insights for analysts, threat hunters, and SecOps professionals with our cybersecurity blog! Explore all posts or browse by category.

Thoughts, perspectives, and industry commentary from the Cobalt team. Insights for security leaders, pentesters and developers — all in one place. Learn more about how the world of App- and InfoSec is changing every day.

NEW

Keep up with the latest attack trends, research, and cybersecurity industry updates on the Perception Point blog!

Cyble Research and Intelligence Lab's latest findings and blogs.

The best practices, latest research and breaking news in social media, mobile, digital and collaboration platforms.

Product, Engineering, and Marketing updates from the developers of Sentry.

Read McAfee Labs blogs for the latest threat research, threat intelligence, and thought leadership from the Threat Research team.

Practical and Affordable Cyber Security Training.

News and insights on the cybersecurity industry and trending topics. Regular updates, commentary, and the point of view from Blaze’s world-class cyber experts.

Discover insightful articles and resources on Concentric AI's blog. Stay updated on the latest trends, tips, and best practices in data security and privacy.

Stay updated with SecurityScorecard's latest blog posts, featuring weekly insights on cybersecurity trends and best practices.

Find cybersecurity trends, Dragos product updates, partnerships, emerging industrial cyber threats, OT security best practices, and more.

Everything you need to know about Identity Infrastructure, Access Management, SSO and JWT Authentication.

From cybersecurity and big data to software development, IT Brew delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.

Stay updated on everything product security with Cybellum`s blog. We cover topics such as SBOM, vulnerabilities, and industry cyber security regulations.

Read the latest blogs on Threat Exposure Management from Hive Pro.

A collection of observations, guidance, information and opinion, on all things cyber, and information security, as well as company updates.

The Barracuda blog brings you the latest news, research, and insights you can’t get anywhere else.

Red Team Lab, Active Directory Lab, Red Team Trainings, Azure Pentesting, Azure Security, Azure Red Team Lab, Enterprise Security and Red Team Certifications (CRTP, CRTE, CRTM, CARTP and more)

We are the leading creator of original DNS threat intelligence. We’re proactive, not just defensive, using our insights to track threat actor infrastructure and disrupt cybercrime where threat actors begin. We also believe in sharing knowledge to support the broader security community by publishing detailed research on select actors and associated indicators.

Welcome to our blog! You’ll find the best opt-out guides, in-depth privacy research, and privacy blog posts here. With the help of our experts, you’ll take the first steps towards taking control of your data privacy.

The Proofpoint cybersecurity blog provides you with advanced cybersecurity intelligence and insights, threat research, and breaking cyber attack news. Get the latest news about advanced threats.

Your leading source of information about Offensive and Cyber Security news.

Stay updated about the latest in the application security industry with news, tips and best practices from the security research team at Beagle Security.

NEW

The latest research, reports and releases from the minds at Permiso Security.

Awesome write-ups from the world’s best hackers intopics ranging from bug bounties, CTFs, Hack the box walkthroughs, hardware challenges, and real-life encounters.

NEW

Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.

All the recent articles and news delivered by your experts from Hunt & Hackett.

The latest updates on cybersecurity from today’s experts. Read about ransomware, vulnerabilities, and threat intelligence impacting businesses.

Thoughts, research, reports, and more from Truffle Security Co.

Node.js Secure Coding blog and educational training content. Master hands-on Node.js security with Node.js Secure Coding education and learn how to defend against JavaScript Command Injection vulnerabilities and gain backend development skills to exploit and prevent Path Traversal attacks by reviewing real-world vulnerable npm packages and insecure code.

Blog from ThreatMon. ThreatMon is a technology company that specializes in delivering comprehensive cybersecurity solutions tailored to the specific needs of businesses. ThreatMon delivers an intelligence-driven cybersecurity solution. Established in 2018, our company is devoted to safeguarding digital assets from external threats. Our cutting-edge cybersecurity solutions, meticulously crafted by experienced professionals, seamlessly integrate Threat Intelligence, External Attack Surface Management, and Dark Web Intelligencen. By leveraging these technologies, we proactively identify vulnerabilities and provide tailored security solutions to our clients.

Blog from cocomelonc, a cybersec enthusiast, CTF player.

The Binarly REsearch team leads the industry in firmware vulnerability disclosure and advisories. Binarly is the world's most advanced automated firmware supply chain security platform. Using cutting-edge machine-learning techniques, Binarly identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

Explore our latest articles and stay updated with the latest insights, guides, and best practices for LLM and AI cybersecurity.

The Digital Forensic Research Lab (DFRLab) has expertise on disinformation, connective technologies, democracy, and digital rights.

Cybersecurity from the trenches, written by Kevin Beaumont. Opinions are of the author alone, not their employer.

Read our blog posts to learn about cybersecurity concepts, approaches, trends, news, techniques and more.

Learn how our open source technology and browser fingerprinting API help prevent online fraud on our blog.

Informative, solution-oriented content for security practitioners — from breaking news, expert analysis, and thought leadership to essential guides, articles, videos, blogs, and more.

NEW

IT Security expertise - Penetration tests, Security audits, Code review, Training, Consulting, Vulnerability research

Read the latest news and insights from our industry experts. Stay up-to-date on the latest cyber security news, emerging cyber threats and security industry best practices. Whether you’re a small business owner or a seasoned IT professional, the Binary Defense team offers insights to help protect your data.

Get insights from Truesec cyber professionals.

TeamT5 was established in 2017 by 5 security professionals who firmly believe that Taiwan has world-class security talents. TeamT5 consists of world-class cyber threat analysts with more than 20-year experience. Leveraging our geographic and cultural advantages, we have the best understanding of cyber attackers in Asia Pacific. Based on our research in malware & Advanced Persistent Threat (APT), we provide cyber threat intelligence reports and anti-ransomware solutions to clients in the USA, Japan, and Taiwan. Clients include government agencies, financial business, telecom operators, high-tech enterprises, electronic manufacturing service companies, and managed security service providers(MSSP).

Null Byte is a white hat hacker world for anyone interested in hacking, science, networking, social engineering, security, pen-testing, getting root, zero days, etc.

Level up your open source & cloud native application security knowledge. Stay up to date with news & happenings in cloud, container, serverless security & more!

The Official Blog from Kaspersky covers information to help protect you against viruses, spyware, hackers, spam & other forms of malware.

Learn more about the latest trends in fuzzing and software security testing in the new Code Intelligence blog.

Cybersecurity, red team, blue team, hacking.

Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.

Get unique perspectives on the latest issues, threats, techniques, and technologies facing the cybersecurity industry from our global experts.

The Netwrix blog is a free source of best practices, trends and expert advice for cybersecurity and IT pros.

Hacker, red teamer, researcher. Likes to write infosec-focussed Python tools. This is my personal blog containing research on topics I find interesting, such as (Azure) Active Directory internals, protocols and vulnerabilities.

Explore our articles about ML & AI. We cover such topics as LLMs, AI governance, AI safety & security, and many more!

Arm yourself with up-to-date information & insights into building a successful cybersecurity strategy, w/ inputs from the StickmanCyber team & industry experts

Explore GreyNoise Intelligence with industry-leading analysis, product tips, and emerging research in our ongoing Cybersecurity Blog.

It provides a platform for the cybersecurity community to share news, commentary and resources—all in one place. We’re extremely proud to offer a highly visible platform to those who work within cybersecurity or aspire to do so. We work with IT security professionals from around the globe, maintaining The State of Security as a platform for them to share their voice.

Blog about reverse-engineering, hacking and breaking your software in every way imaginable.

The latest news and articles about cybersecurity, critical event management, asset tracking, and secure Internet of Things including automotive from BlackBerry.

Learn more about Zafran solution, read recent blogs, articles and repors.

Think out of the box. This blog talks about computer security. Tutorials about buffer overflow, Active Directory, everything is explained with examples.

Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.

Get the intelligence you need to detect, prevent & respond to cyber threats. Read the Intel 471 cyber threat intelligence blog.

NEW

Get the latest information, insights, and news from Microsoft.

Useful online security tips and articles. True cyber security combines advanced technology and best practice. Get tips and read articles on how to take your online security even further.

Stay up to date with the latest cybersecurity news and expert insights.

A mix of in-depth nuanced takes on current events and highly technical original research by Marcus Hutchins. I cover a wide array of topics such as vulnerability research, threat intelligence, national security, reverse engineering, and Windows internals.

We keep you posted on the latest cyber threats. Learn more about what is new in the world of IT security. Knowledge is the best protection.

NEW

Read more about how Netskope is enabling security and networking transformation through secure access service edge (SASE).

Stay up to date Cyber Security insights & trends. Our experts share their knowledge on the latest threats, security solutions & best practices to keep your business safe.

A blog about vulnerabilities and attacks affecting VoIP and WebRTC applications and infrastructure by Enable Security.

Vaadata is a company specialized in pentest.We are passionate about security, both for its technical challenges and societal issues.

Discover the latest news and updates in secure coding and application security with SecureFlag.

Stay informed on the latest in cyber threats, threat research, cyber risk and strategy. Read eSentire blog to learn how to become cyber resilient.

Discover the latest trends in data loss prevention and information security. Gain insights from thought leaders and industry experts.

Listing of Bishop Fox Security Research in the form of technical, security advisories, and industry blog posts.

The Radware Blog shares vital knowledge with IT decision makers on application delivery, virtualization/cloud, security and specialized service provider needs.

Stay Ahead in Data Security, Gavernance, Privacy and Compliance. Explore expert insights on governance and data privacy at our blog. Stay informed with our thought-provoking articles, news, and industry updates.

Cyber Security Awareness and Vulnerabilities Blog.

Penetration Testing and Red Teaming blogs, webcasts, and podcasts created by the pen testers and security analysts of Black Hills Information Security.

Learn about what is cyber security, computer security, cyberfraud, cybercrime and more.

Expert insight, best practices, and advice on Secure DevOps, security for containers, Kubernetes, and cloud services. Review Sysdig blog posts today!

Explore thought leadership, industry insights, and other resources related to cybercrime detection, disruption, and takedowns.

Latest articles from SOCRadar. SOCRadar is a cloud-based autonomous early warning tool against cyber threats. Read our blog for the latest news about recent threats.

Read about the latest DevOps trends, news on JFrog products, launches, announcements and more.

Educating people on the use and abuse of AI.

Stay informed and empowered with Forcepoint Security Insights. Gain valuable knowledge and insights into the ever-evolving world of cybersecurity.

Extremely passionate about Windows exploit development, internals, C, Assembly, or anything low-level.

Rapid7's cybersecurity experts break down the latest vulnerabilities, exploits, and attacks. Detect threats faster with trusted news, insights & threat intel.

Check out the official Hunter's blog to get the latest insights on cold email outreach, sales, marketing, growth, company news, and product updates.

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.

The cybersecurity & digital trust blog by Wavestone's consultants.

Exponentiate your cybersecurity expertise and stay up to date with the latest cyber threat trends covered in our blog.

The latest Security news, analysis, and insight from VentureBeat, the most authoritative source on transformative technology.

The Software Engineering Institute is leading and advancing software and cybersecurity to solve the nation's toughest problems.

Blog from AhnLab Security Emergency response Center.

The latest cybersecurity industry news, tips, and trends.

Cyber Security Blogs, News and Articles. Keep up-to-date with the latest news, articles, surveys, research on cyber security. Visit our cyber security blogs and find the latest cyber security trends.

29 year old cybersecurity specialist, speaker, and ex-hacker. Best known for stopping the global WannaCry ransomware attack. Background in programming & threat intelligence.

Get the latest news, insights and updates from bot experts from the Netacea blog.

AT&T Cybersecurity blogs offer news on emerging threats and practical advice to simplify threat detection, incident response, and compliance management.

Read the latest news, research and insights on GenAI Security from the team at Prompt Security.

Keep up to date with Halcyon's announcements and research here.

Read the Forescout blog for insights into cybersecurity automation and research about vulnerabilities, threats and risks across IT, OT, IoT and IoMT devices.

The official Bitdefender blogs. News, views and insights from Bitdefender cybersecurity experts for a safer digital experience.

The StationX Cyber Security Blog is the ultimate resource for those interested in a career in cyber security. Here you’ll find tips, articles & tutorials to help you grow your cyber security skills and advance your career.

Get the latest insights and analysis on global email threats, plus tips and tools from our experts on how to protect your business from attacks.

Latest web security & vulnerabilities, product releases, product docs and faq blogs.

Well-documented, relevant, reliably discovered vulnerabilities and dedicated tools for pentesters by our IT security experts. TL;DR - we break things.

Stay up to date on the latest industry trends, company news and research.

Get the latest dark web intelligence & cybersecurity insights from our experts - from industry trends to tips on new attack techniques. Find out more.

Security Joes is a multi-layered Incident Response company that specializes in IR, MDR & Red Teaming. The company was established by security researchers to first and foremost generate resilience against highly complex cyberwarfare incidents, extract vital evidence and attribute TTPs to threat actors and state-sponsored hacking groups. Based out of Israel, the company is constructed from a best-of-breed agnostic team of threat hunters, responders & security researchers, hand-picked from all over the world, to provide 24x7x365 “follow-the-sun” coverage.

The best internet privacy and online security blog. Regular news, opinion, and product updates from the world’s leading ultra-fast VPN service.

Explore the latest cybersecurity trends and innovations, leading edge threat intelligence from FortiGuard Labs, Fortinet executive insights, and customer perspectives.

Cybersecurity knowledge and tools from the Praetorian team. Read the latest insights and security techniques on the Praetorian blog, your source for cybersecurity expertise.

We discuss hot topics, malware behavior, techniques, practices for analyzing malicious files, and of course, we will talk more about our online interactive sandbox.

Industry news, insights from cybersecurity experts, and new product, feature, and company announcements.

Stay up to date with the latest cybersecurity insights, practical advice, articles and news from the Veriti Experts.

Blog from Adam Chester, Hacker and InfoSec Researcher.

Learn about popular cybersecurity topics and stay up-to-date with the latest cybersecurity news and insights, as well as product updates and announcements.

My name is Brandon Marshall (aka Marsh) I am currently working as an Offensive Security Researcher. A majority of my time is spent developing internal Red Team tooling, reverse engineering, and exploit creation.

Learn about our latest cybersecurity threat research and coverage, product enhancements, insights, tips, and more.

The latest news, tutorials, deep-dives, and more from Kolide.

View the latest Salt blog posts on API security and subscribe to our education series.

Cybersecurity is dynamic and ever-changing. Stay up-to-date with the latest threats, vulnerabilities and news on the Huntress blog.

Welcome to the Arkose Labs blog. Read informative articles on fraud prevention, account security, authentication, digital authenticity, and more.

Gain insider insights on next-gen cybersecurity, cloud security, & vulnerabilities from our experts. Subscribe today & stay up-to-date on cybersecurity news.

HAWKEYE Managed SOC Dubai powered by DTS Solution helps your organization strategize, develop, build and manage a Managed Security Operations Center – SOC 2.0 As A Service. Managed Security Services Dubai, Managed SOC Provider in Dubai.

Check out the latest news & insights from cybersecurity world. Stay ahead in the digital realm with our latest blogs. Explore insightful updates, practical tips, and expert tricks on cybersecurity. Enhance your online security knowledge today!

Talos intelligence and world-class threat research team better protects you and your organization against known and emerging cybersecurity threats.

Explore security resources, trends and updates, media, podcast episodes, and more.

Read our expert tips and advice to help protect yourself from identity theft. Learn about data breaches, fraud, credit, and internet security from the pros at LifeLock by Norton.

How hackers start their afternoon. HackerNoon is a free platform with 25k+ contributing writers. 100M+ humans have visited HackerNoon to learn about technology.

I'm a software developer, penetration tester and IT consultant.

Blog from Bedrock. Bedrock Security is at the forefront of revolutionizing data security in the cloud and GenAI era.

The latest news and insights from Google on security and safety on the Internet

In-depth security news and investigation.

Visit often to get the latest data protection news and information you can use in your fight against ransomware, malware, and other threats.

Cybersecurity trends and news, with info about Morphisec, breach prevention, and zero trust endpoint, server, and workload security.

Internet threats and cybersecurity are constantly evolving. To protect yourself and your systems, make sure you know the latest threats and solutions. Learn more from our internet security blog.

Read Imperva’s news, articles, and insights about the latest trends and updates on data security, application security, and much more. Explore the Imperva blog.

Welcome to the Social Links OSINT blog! Get handpicked news stories, authentic case studies, and OSINT insights.

Keeping You Informed. Keeping You Aware. Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Peace of mind for you and your customers.

GuidePoint Security The Guiding Point. Trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk.

Trusted cybersecurity news, research, and threat intelligence by our experts.

Weekly notes and thoughts from Monke/Ciarán

Get the latest from VMware's security business including strategy, implementation, best practices, and updates from members of our staff.

Get up-to-date hot takes on the state of cybersecurity today, from responses to US-CERT alerts, to using the MITRE ATT&CK framework.

Cyber security insights and guidance from the frontlines. Read expert perspectives and get all the latest cyber security industry news at the Mandiant blog.