CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...
Bleeping Computer

Hackers exploiting zero-day in Gladinet file sharing software

Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products, which allows a local attacker to access system files without authentication. At ...
Searchenginejournal.com

15 Vulnerabilities In 11 Elementor Addons Hit +3M WordPress Sites

Researchers have issued advisories for eleven separate Elementor add-on plugins with 15 vulnerabilities that can make it possible for hackers to upload malicious files. One of them is rated as a high ...
Computerworld

Using darkjumper to test for remote file inclusion

File inclusion is a real threat in the wild today. We are seeing newly vulnerable and compromised hosts on a regular basis from the HITME data, and seeing that Apache ships with a default ...
Bleeping Computer

600K WordPress sites impacted by critical plugin RCE vulnerability

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. The ...