Sitecore patched a critical zero-day deserialization flaw affecting legacy deployments Threat actors exploited the vulnerability to deploy malware like WeepSteel Mandiant intervened mid-attack, ...

Attackers are leveraging a sample machine key in Sitecore products for initial access before ViewState code injections lead to escalated privileges and lateral movement across the network. A sample ...

ASP.NET Core offers a simplified hosting model, called minimal APIs, that allows us to build lightweight APIs with minimal dependencies. We’ve discussed minimal APIs in several earlier posts here.

jQuery File Upload Plugin 6.4.4 contains an unrestricted file upload caused by lack of validation in server/php/UploadHandler.php, letting remote attackers execute arbitrary PHP code by uploading PHP ...

The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. "The group's core ...

The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. The security issue is tracked as CVE-2025-6463 and ...

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload ...

In AutoCAD, entities such as circles, lines, and other objects are stored in the AutoCAD database. The AcDbHelper class in our plugin facilitates the creation and manipulation of AutoCAD entities. We ...

We have exciting news for you! Files of sizes up to 10GB can now be uploaded for form attachments in Power Pages sites. That’s right, no more small file attachment size limits. With this new feature, ...

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute ...

A trojanized version of jQuery has been spreading on the npm JavaScript package manager, GitHub and elsewhere, for use in a jQuery attack, security researchers have discovered. Phylum researchers said ...