Category: Cybersecurity News
-
Vulnerability in Popular Shopify Privacy Plugin Exposed Stores
A widely used Shopify plugin designed to help merchants comply with privacy laws inadvertently put hundreds of online stores in danger. Recent findings reveal a major security flaw that kept sensitive data exposed for months. Analysis by security researchers at Cybernews found that Consentik, an app launched in 2018 and rated highly on Shopify,…
-
CISA Issues Alert on Critical Security Flaw in Train Control Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert regarding a significant cybersecurity vulnerability affecting certain industrial control systems (ICS), specifically those used in transportation infrastructure. This vulnerability concerns the End-of-Train (EoT) and Head-of-Train (HoT) remote linking protocol, which is crucial for train safety and operation. The vulnerability, labeled as CVE-2025-1727 with…
-
NVIDIA Issues Security Notice on Potential Rowhammer Vulnerability in GPUs
In a recent security update, NVIDIA has addressed concerns raised by researchers about the potential for Rowhammer attacks targeting its GPUs (graphics processing units). The Rowhammer vulnerability has been known for several years, originally identified in CPU memory, but new research indicates that modern graphics cards, such as the NVIDIA A6000 using GDDR6 memory, may…
-
Hundreds of Laravel Apps Exposing Secret Keys
Recent security research by researchers at GitGuardian, in collaboration with Synacktiv, has uncovered a widespread issue affecting thousands of websites built with Laravel, one of the most popular PHP frameworks. Laravel uses a special secret key called the APP_KEY—think of it as a master password—that helps keep data safe. It encrypts cookies, sessions, and other…
-
Researchers Discover Malicious Code in WordPress GravityForms Plugin
Recently, analysis by security researchers at Patchstack uncovered a serious vulnerability affecting the widely used WordPress plugin GravityForms. It is a popular contact form builder plugin powering forms on websites (from small blogs to large enterprises) worldwide. A Hidden Threat in a Trusted Plugin: According to detailed findings from security analysis, certain versions of GravityForms downloaded…
-
A Critical Bluetooth Vulnerability Affects Millions of Vehicles
Cybersecurity researchers at PCA Cyber Security have identified PerfektBlue, a severe vulnerability targeting the BlueSDK Bluetooth framework developed by OpenSynergy. This flaw is widespread, impacting millions of devices, especially in the automotive industry, where it is used in vehicle infotainment systems. PerfektBlue enables attackers to remotely execute malicious code on affected devices with minimal effort…
-
Fortinet Pushes Out Fix for SQL Vulnerability in FortiWeb
Fortinet has released critical security patches for multiple versions of FortiWeb, addressing a high-severity SQL injection vulnerability found by researchers at GMO Cybersecurity that could be exploited if left unpatched. If your organization uses FortiWeb for web application firewalling, now is the time to prioritize patching. The vulnerability could have allowed attackers to send specially…