Researchers have released a new fuzzing tool used for finding novel HTTP request smuggling techniques. The tool, dubbed ‘T-Reqs’, was built by a team from Northeastern University, Boston, and Akamai.

Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.

The personally identifiable information of more than 62,000 U.S. citizens may have been compromised following a cyber-attack against a New Mexico-based healthcare insurer.

With a CVSS rating of 7.5, the most severe is the arbitrary file read bug (CVE-2021-21980), abuse of which could potentially enable a malicious actor to gain access to sensitive information.

Now fixed, the bug, which researcher avid Schütz has documented in a comprehensive video and blog post, could have allowed an attacker to access sensitive resources and possibly run malicious code.

A pair of cross-site scripting (XSS) bugs, which are deemed ‘moderately critical’ by Drupal, could have a far-reaching impact since CKEditor is incorporated into numerous online applications.

The development work will initially involve a collaboration between developers on the Tor Project and Guardian Project, which is known for Orbot, a proxy server that provides anonymity to users.

The bug (CVSS score 6.5) has a low attack complexity, according to Microsoft, which published a security advisory on November 9 indicating that there was no evidence of in-the-wild exploitation.

Multiple security vulnerabilities in a popular open source content management system (CMS) could allow a malicious attacker to gain full control of the underlying web server.

Ransomware and denial-of-service attacks, both rife in line with international trends, accounted for a significant share of post-compromise attacks against New Zealand-based targets.