Explore

Rapid Read Rapid Read
US Cybersecurity Agency Urges Immediate Patch for Mirasvit Vulnerability on Magento Servers

US Cybersecurity Agency Urges Immediate Patch for Mirasvit Vulnerability on Magento Servers

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch a critical vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension. This vulnerability, identified as CVE-2026-45247, has been actively exploited for remote code execution (RCE) on Magento and Adobe Commerce servers. The flaw is a PHP object injection vulnerability that allows attackers to execute arbitrary code remotely without authentication. The vulnerability is exploited through crafted serialized PHP objects injected into the CacheWarmer cookie, which are deserialized without class restrictions. Thousands of Magento and Adobe Commerce stores using versions of the extension prior to 1.11.12 are at risk. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch within three days as per Binding Operational Directive 22-01.
Trendline Trendline
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Rapid Read Rapid Read
WordPress Plugins Kirki and Burst Statistics Vulnerabilities Expose Websites to Attacks

WordPress Plugins Kirki and Burst Statistics Vulnerabilities Expose Websites to Attacks

Security vulnerabilities in the Kirki and Burst Statistics WordPress plugins have put hundreds of thousands of websites at risk. The Kirki plugin, used for website customization, has a critical flaw in versions 6.0.0 to 6.0.6 that allows unauthenticated attackers to escalate privileges and take over accounts. This vulnerability, tracked as CVE-2026-8206, involves a flaw in the password reset process, enabling attackers to reset passwords for high-privileged accounts. Similarly, the Burst Statistics plugin, which provides analytics for WordPress sites, has an authentication bypass vulnerability in versions 3.4.0 to 3.4.1.1. This flaw allows attackers to gain administrator-level access through the REST API. Users are advised to update to Kirki version 6.0.7 and Burst Statistics version 3.4.2 to mitigate these risks.
Trendline Trendline
WordPress Plugins Kirki and Burst Statistics Vulnerabilities Threaten Website Security

WordPress Plugins Kirki and Burst Statistics Vulnerabilities Threaten Website Security

WordPress Plugins Kirki and Burst Statistics Vulnerabilities Threaten Website Security
Rapid Read Rapid Read
WordPress Plugins Kirki and Burst Statistics Vulnerable to Cyber Attacks

WordPress Plugins Kirki and Burst Statistics Vulnerable to Cyber Attacks

Security vulnerabilities have been identified in the Kirki and Burst Statistics WordPress plugins, potentially exposing hundreds of thousands of websites to cyber attacks. The Kirki plugin, used for website customization, is affected by a privilege escalation bug that allows attackers to reset passwords and take over accounts. The Burst Statistics plugin, which provides analytics, has an authentication bypass flaw that lets attackers gain administrator access. These vulnerabilities have been actively exploited, prompting security firm Defiant to advise users to update to the latest versions of the plugins to mitigate risks.
Trendline Trendline
Windows Netlogon Vulnerability Exploited for Remote Code Execution, Urgent Patching Advised

Windows Netlogon Vulnerability Exploited for Remote Code Execution, Urgent Patching Advised

Windows Netlogon Vulnerability Exploited for Remote Code Execution, Urgent Patching Advised
Rapid Read Rapid Read
Critical Windows Netlogon Vulnerability Actively Exploited by Attackers

Critical Windows Netlogon Vulnerability Actively Exploited by Attackers

A critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, is being actively exploited by threat actors for remote code execution. The vulnerability, a stack-based buffer overflow, was disclosed in May 2026 and affects Windows servers acting as domain controllers. The Centre for Cybersecurity Belgium has issued a warning, urging immediate patching to prevent exploitation. The vulnerability allows attackers to execute arbitrary code with system privileges, posing a significant security risk.
Trendline Trendline
Cisco Warns of Critical Unified CM Vulnerability with Available Exploit Code

Cisco Warns of Critical Unified CM Vulnerability with Available Exploit Code

Cisco Warns of Critical Unified CM Vulnerability with Available Exploit Code
Trendline Trendline
Critical Windows Netlogon Vulnerability Exploited in Active Attacks

Critical Windows Netlogon Vulnerability Exploited in Active Attacks

Critical Windows Netlogon Vulnerability Exploited in Active Attacks
Trendline Trendline
Cyber Espionage Targets Stock Exchange Executive's Email in Prolonged Attack

Cyber Espionage Targets Stock Exchange Executive's Email in Prolonged Attack

Cyber Espionage Targets Stock Exchange Executive's Email in Prolonged Attack
Trendline Trendline
Red Hat Confirms 'Miasma' Worm Compromises npm Packages, No Customer Impact Reported

Red Hat Confirms 'Miasma' Worm Compromises npm Packages, No Customer Impact Reported

Red Hat Confirms 'Miasma' Worm Compromises npm Packages, No Customer Impact Reported
Trendline Trendline
Critical Mirasvit Vulnerability Exploited on Magento Servers

Critical Mirasvit Vulnerability Exploited on Magento Servers

Critical Mirasvit Vulnerability Exploited on Magento Servers