Tag: CSRF
A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk.
Siemens' line of RUGGEDCOM NMS products suffers from vulnerabilities that could allow an attacker to perform administrative actions.
A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.
Obihai Technology recently patched vulnerabilities in its ObiPhone IP phones that could have led to memory corruption, buffer overflow, and denial of service conditions, among other outcomes. The California-based company manufactures IP-enabled phones and VOIP telephone adapters it calls OBi devices. David Tomaschik, a member of Google’s security team, discovered the issues in ObiPhone during a black...
PayPal recently fixed a vulnerability on its PayPal.me site that could have let an attacker change a user’s profile without permission. The issue stemmed from a cross-site request forgery (CSRF) vulnerability that existed in PayPal.me, a site the company launched last year to let its users request money; similar to what Venmo, another property it...
Magento patched 20 vulnerabilities last week, including a stored cross-site scripting (XSS) flaw in the e-commerce platform that could have let an attacker take over a site and create new admin accounts. Researchers at Sucuri dug up the XSS vulnerability while combing through research audits last November. It took a while for Magento to get back to...
Thousands of cable modems manufactured by the Georgia-based telecom Arris suffer from a series of issues: XSS and CSRF vulnerabilities, hard-coded passwords, and what a researcher is calling a backdoor in a backdoor. Brazilian researcher Bernardo Rodrigues stumbled upon the issues several months ago while researching cable modem security for a conference and disclosed them...