Vulnerabilities
Millions of attacks exploit old WordPress vulnerabilities
WordPress websites worldwide are facing millions of attacks exploiting three outdated vulnerabilities. Security experts warn users to take immediate steps to protect their sites. The issue highlights ongoing risks in popular content management systems.
BIND and Unbound DNS resolvers disclose cache poisoning vulnerabilities
Developers of the widely used BIND DNS software have warned of two high-severity vulnerabilities that could enable cache poisoning attacks, similar to those revealed in 2008. Unbound, another DNS resolver, faces a related flaw reported by the same researchers. Patches for all issues became available on October 22, 2025.
CISA adds Oracle and other flaws to exploited vulnerabilities catalog
AI에 의해 보고됨
The U.S. Cybersecurity and Infrastructure Security Agency has added vulnerabilities from Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft Internet Explorer to its Known Exploited Vulnerabilities catalog. This action requires federal agencies to address these flaws by October 27, 2025, to mitigate risks from ongoing exploits. Among the additions is a critical Oracle vulnerability recently patched after exploitation by ransomware actors.
Canonical issues Ubuntu security updates for MuPDF, Redis, Samba, and more
Canonical has released several Ubuntu Security Notices addressing critical vulnerabilities in key open-source packages such as MuPDF, Redis, Samba, and Apache Subversion. These updates fix issues that could lead to denial-of-service attacks, data leaks, and remote code execution across multiple long-term support releases. The patches reinforce Ubuntu's commitment to system stability and security.