A serious security flaw has been found in the Eventin plugin for WordPress, potentially exposing over 10,000 sites to cyberattacks. The flaw allowed any unauthenticated user to gain administrative access to a site. Patchstack Alliance community member Denver Jackson discovered the flaw, which resided in the plugin’s REST API and was due to a lack of permission checks. Eventin has since addressed the vulnerability in version 4.0.27.

New FrigidStealer Malware Attacking macOS Users to Steal Login Credentials
FrigidStealer, a potent new malware, targets macOS users by exploiting trust in routine software updates, tricking users into granting it system privileges. Identified by Wazuh