The Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

The Barracuda blog brings you the latest news, research, and insights you can’t get anywhere else.

Gain valuable insights for analysts, threat hunters, and SecOps professionals with our cybersecurity blog! Explore all posts or browse by category.

Blog from Bedrock. Bedrock Security is at the forefront of revolutionizing data security in the cloud and GenAI era.

CheckMates is the Cyber Security Community that brings Check Point users, experts, and R&D together for freewheeling discussions about Check Point.

Rapid7's cybersecurity experts break down the latest vulnerabilities, exploits, and attacks. Detect threats faster with trusted news, insights & threat intel.

Get the latest dark web intelligence & cybersecurity insights from our experts - from industry trends to tips on new attack techniques. Find out more.

Blog from ThreatMon. ThreatMon is a technology company that specializes in delivering comprehensive cybersecurity solutions tailored to the specific needs of businesses. ThreatMon delivers an intelligence-driven cybersecurity solution. Established in 2018, our company is devoted to safeguarding digital assets from external threats. Our cutting-edge cybersecurity solutions, meticulously crafted by experienced professionals, seamlessly integrate Threat Intelligence, External Attack Surface Management, and Dark Web Intelligence. By leveraging these technologies, we proactively identify vulnerabilities and provide tailored security solutions to our clients.

Get the intelligence you need to detect, prevent & respond to cyber threats. Read the Intel 471 cyber threat intelligence blog.

Discover RTT, the leading resource for Red Team Tools, Techniques, and Commands. Stay ahead of advanced persistent threats (by MITRE) with insights and guidance from seasoned security professionals. Explore now at rtt.secdu.de.

Frontline Mandiant investigations, expert analysis, tools and guidance, and in-depth security research.

Learn how to protect your ML advantage. Check out HiddenLayer’s recent releases, announcements, and musings on protecting your algorithms.

HijackLibs provides a curated list of DLL Hijacking candidates, mappings between DLLs and vulnerable executables, with additional metadata for more context. For defenders, this project can provide valuable information when trying to detect DLL Hijacking attempts; for red teamers, this project can help identify DLLs that can be used to achieve DLL Hijacking.

The latest ISC2 updates, along with member views on global cybersecurity trends and issues, public policy, technology innovation and more.

Read about the latest DevOps trends, news on JFrog products, launches, announcements and more.

Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and products. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Hacktoria creates CTF Games for OSINT and Digital Forensics enthusiasts. Overlaying fictional events and organizations over our real world, we create immersive games that make learning fun.

Internet threats and cybersecurity are constantly evolving. To protect yourself and your systems, make sure you know the latest threats and solutions. Learn more from our internet security blog.

PeeringDB is a freely available, user-maintained database of networks, and the go-to location for interconnection data. The database facilitates the global interconnection of networks at Internet Exchange Points (IXPs), data centers, and other interconnection facilities, and is the first stop in making interconnection decisions.

Understandable online privacy & cybersecurity information to keep you and your data safe. Latest cybersecurity research & trends.

Explore cybersecurity courses and certificates. Many organizations have been victims of cybersecurity breaches. Cybersecurity specialists play a critical role in protecting against these attacks. Learn how to become a cybersecurity specialist with online cybersecurity courses offered through edX.

Check if your email address is in a data breach. Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

Quickly check if your email has been sold. Report the GDPR-violator, then learn how to prevent this from happening again by scrolling down.

Explore the latest news and expert commentary on IT Infrastructure brought to you by the editors of ITPro Today.

With a massive growth in new malware and infections, macOS security awareness is now more important than ever. Yet many people believe that if they are using macOS they are safe and should not be concerned about getting infected. Even though malware for macOS is years behind Windows malware in the sense of sophistication, complexity and number of infections, macOS malware is becoming more sophisticated as time goes by. Furthermore, it uses more ways to infect, evade and abuse the macOS architecture to deliver malware, for example - using applications signed with legitimate Apple developer certificates to avoid detection.

At Objective-See our goal is simple, create free open-source security tools for macOS!

Global Cybersecurity Threat Analysis and Hunting.

Keep up to date with Halcyon's announcements and research here.

The RRA (Recent Ransomware Attacks) site acts as a watchtower, providing near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Catch up on the latest security news from Promon. We cover relevant topics from the security space such as application security, iOS and Android malware, code obfuscation, compliance, API protection and more.

A subreddit dedicated to hacking and hackers. Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

A place to ask questions and share advice about the security clearance process.

Blog from Red Siege. Red Siege is an information security company focusing on real world threats to you and your organization.

Get regular updates from the world of cloud security. In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.

The Vectra blog covers a wide range of cybersecurity topics, including exploits, vulnerabilities, malware, insider attacks, threat actors, artificial intelligence, and more. Start reading to learn more about us, and subscribe to stay current with the newest blog posts.

WhiteIntel Dark-Web Intelligence Services. Detect your leaked passwords in dark-web and info stealer leaks.

ProPublica is an independent, non-profit newsroom that produces investigative journalism in the public interest.

Read ThreatLocker's latest blogs. Learn more about business cybersecurity solutions, ransomware protection, endpoint cybersecurity and more!

ThreatMiner is a threat intelligence portal that provides information on indicators of compromise (IOC) such as domains, IP address, malware samples (MD5, SHA1 and SHA256), SSL certificates, WHOIS information and malicious URLs such as phishing and malware links.
