Hackers exploit Modular DS WordPress plugin flaw for admin access

Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass ...

Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security ...
domainersmagazine

Scammers exploit official Google domain to send phishing emails

Cybernews.com published an article about scammers actually using Google’s domain name Google.com to send phishing emails. This is kind of nuts. From the article: Scammers have found a way to send ...
UNESCO

Reporting a Cybersecurity Issue: UNESCO’s Security Vulnerability Disclosure policy

Missing best practices in SSL/TLS configuration. xmlrpc.php with no admin page exposed to the Internet. No automated fuzzing of forms or web scraping type of activities. Any activity that could lead ...
GitHub

danog/php-advanced-json-rpc

Provides basic classes for requests and responses in JSONRPC and a Dispatcher class that can decode a JSONRPC request and call appropriate methods on a target, coercing types of parameters by ...