CMS – TheCyberThrone

Enemybot adds new exploits to its Arsenal

EnemyBot malware botnet expanding its target list with recently-discovered vulnerabilities in F5 hardware and VMware software. Initially discovered in March 2022, EnemyBot’s original target was the wide range of Linux…

PravinKarthik May 31, 2022

Cross Domain Cookie leverage in Guzzle fixed

Developers of Guzzle, have addressed a high severity vulnerability leading to cross-domain cookie leakage. Open source content management system Drupal, is among the applications that use the third-party library and…

PravinKarthik May 28, 2022

WordPress Plugin RCE Bug goes Wild

A RCE flaw tracked as  CVE-2021-25094 in the Tatsu Builder plugin for WordPress, which is deployed on roughly 100,000 websites, is being widely exploited by hackers. Even though a fix…

PravinKarthik May 18, 2022

New WordPress Sites are at risk of takeover

Certificate Transparency (CT) system are abused by attackers to compromise new WordPress sites before Content Management System is been configured CT is a web security standard for monitoring and auditing…

PravinKarthik May 7, 2022

Extensis Portfolio Flaws ! RCE, Zero Days

Researchers from White Oak Security have disclosed critical vulnerabilities including a zero-day flaw that’s yet to be patched in Extensis Portfolio that cumulatively has a user-facing main content management application,…

PravinKarthik February 23, 2022

WordPress Plugin Bug Exposes 20k Sites

Nearly 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams as the result of a severe XSS bug discovered in the WordPress Email Template Designer WP HTML Mail.…

PravinKarthik January 22, 2022

WordPress AccessPress Theme Backdoored

Security researchers that the popular WordPress plugin and theme AccessPress were compromised, and their software replaced with backdoored versions. The compromise appears to have taken place in September of last…

PravinKarthik January 21, 2022