Wordfence Research and News

Blog icon
Category: Podcasts
Episode 125 Think Like a Hacker
Newest

Episode 125: Critical SQL Injection Vulnerability Patched in WooCommerce

A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil ransomware gang targeted a zero-day vulnerability in Kaseya, used by many in the banking industry, …
Read More

Think Like a Hacker Episode 124

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly.

Episode 123: Over 30 Million Dell Devices at Risk for Remote BIOS Attacks

Over 30 million Dell devices are at risk for remote BIOS attacks due to four separate security bugs, which can have far reaching effects for enterprise organizations heavily invested in Dell devices.

Episode 122: Largest Password Dump in History Fuels Credential Stuffing Extravaganza

Sites running Jetpack are being infected via compromised WordPress.com credentials. The largest password dump ever with 8.4 billion passwords is used in credential stuffing attacks.
Episode 121: Wordfence is Now a CVE Numbering Authority

Episode 121: Wordfence is Now a CVE Numbering Authority (CNA)

Wordfence is now a CVE Numbering Authority, or a CNA. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes.
Think Like a Hacker Ep 120

Episode 120: Jetpack Autoupdate Security Patch Bypasses Local Settings

A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates.
Multiple rack-mounted network routers with hand grasping ethernet cable

Episode 119: Critical VMWare Vulnerability Threatens Data Centers

A Critical Vulnerability in VMWare’s vCenter Server threatens some of the largest data centers in the world.
Think Like a Hacker Episode 118

Episode 118: Four Android Vulnerabilities Under Active Attack

Four memory corruption vulnerabilities are being actively exploited on Android devices and nearly 2 dozen popular Android apps exposed over 100 Million users’ sensitive information in cloud databases.
Think Like a Hacker Episode 117

Podcast 117: Cyber Attack on Colonial Pipeline Affects Fuel Availability in 17 States

A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider.
Swooshy lines representing a network

Episode 116: Packagist Patch Shows How Supply Chain Threats Could Impact WordPress

A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.