Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

WooCommerce, an e-commerce plugin for WordPress, has released patches for a critical security flaw affecting versions 4.8.0 through 5.6.1 of its Payments plugin, which is installed on over 500,000 websites. The vulnerability could allow an unauthenticated attacker to gain unauthorised access to impacted stores and…

Serious Vulnerability Patched in Veeam Data Backup Solution

This week, Veeam announced a patch for a severe vulnerability in its Backup & Replication solution, which could lead to the exposure of credentials. The vulnerability, tracked as CVE-2023-27532, was given a CVSS score of 7.5 and allows attackers to access the encrypted credentials stored in the configuration database. The patch was included in the… 

BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems

According to ESET’s analysis, the BlackLotus bootkit is able to circumvent security measures on Windows 11 systems that have been completely updated. Furthermore, it can continuously infect these systems. BlackLotus was first spotted in October 2022, and is offered for $5,000 on underground forums. Its capabilities are on par with those of nation-state actors, and… 

Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products

Two critical vulnerabilities affecting several industrial IoT (IIoT) software products made by PTC have been discovered by Chris Anastasio and Steven Seeley of Incite Team. The flaws, CVE-2023-0754 and CVE-2023-0755, can be exploited for denial-of-service (DoS) attacks and remote code execution, and were reported to PTC in late March 2022. Products impacted by the…