Popular WordPress redirect plugin hid dormant backdoor for years

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that ...
CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
The Hacker News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...
The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
SecurityWeek

EnOcean SmartServer Flaws Expose Buildings to Remote Hacking

Vulnerabilities in EnOcean’s SmartServer IoT platform can be exploited to remotely hack building management systems.

GitHub patches critical 'git push' remote code execution bug

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed ...

Microsoft: Windows 11 KB5083769, KB5083631 block backup apps like Macrium, here's why0 0

Microsoft has confirmed that its latest Windows 11 updates, KB5083769 and KB5083631, are blocking certain third-party backup ...
SecurityWeek

In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability

OFAC hits Iranian central bank crypto reserves, ADT suffers major data leak, and CISA guidance for zero trust in OT ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
Daily Post Nigeria

SERAP, NGE challenge NBC in court over broadcasting code sanctions

The Socio-Economic Rights and Accountability Project (SERAP) and the Nigerian Guild of Editors (NGE) have taken the National ...