Tag: XSS
Oracle fixed 253 vulnerabilities across 76 different products with its quarterly Critical Patch Update.
WordPress is strongly encouraging users of the content management system to update to the most recent version, 4.6.1, released on Wednesday. (Tweet from @WordPress, September 7, 2016: "WordPress 4.6.1 Security and Maintenance Release https://t.co/NzOLsywTri") The update addresses two separate security issues, a cross-site scripting vulnerability and a path traversal vulnerability. The XSS vulnerability, discovered by Cengiz...
Domain registrar GoDaddy fixed a vulnerability affecting systems used by its customer support agents that could have been abused to take over, modify or delete accounts. Researcher Matthew Bryant said that a riff on a cross-site scripting attack called a blind XSS was to blame. A GoDaddy customer, Bryant wrote on Sunday on his blog...
Thousands of serial servers connected to the internet aren’t password protected and lack encryption, leaving data that transfers between them and devices they’re connected to open to snooping, experts warn. To make matters worse, the servers, manufactured by Taiwan-based networking device company Moxa, have had shoddy security for a while, according to researchers at Rapid7. Joakim...
VMware patched two cross-site scripting vulnerabilities in its products this week that, if exploited, could lead to the compromise of a user’s client workstation. The bugs, stored XSS vulnerabilities and rated important, exist in the company’s vRealize Automation and vRealize Business Advanced and Enterprise platforms. Linux users running 6.x of vRealize Automation, a cloud automation...
Magento patched 20 vulnerabilities last week, including a stored cross-site scripting (XSS) flaw in the e-commerce platform that could have let an attacker take over a site and create new admin accounts. Researchers at Sucuri dug up the XSS vulnerability while combing through research audits last November. It took a while for Magento to get back to...
A critical vulnerability in Yahoo Mail that could give attackers complete control of an account was patched two weeks ago. The flaw was privately disclosed Dec. 26 by Finnish researcher Jouko Pynnonen and patched Jan. 6. Pynnonen earned himself a $10,000 bounty, one of the highest paid out by Yahoo through its HackerOne program. Pynnonen...
Developers at WordPress are encouraging users of the content management system to download and apply the most recent update, pushed yesterday, to address a cross-site scripting (XSS) vulnerability. According to WordPress, the bug exists in all versions before 4.4 and, if exploited, could allow a hacker to take control of an affected website. An independent security researcher based...
Four leading network management system providers are busy patching and preparing fixes for a half-dozen critical cross-site scripting and SQL injection vulnerabilities disclosed Wednesday by Rapid7. Two of the affected vendors, Spiceworks and Opsview, have already patched their respective products, while Ipswitch had promised to patch two bugs in its NMS product yesterday, and Castle...
Cisco is warning users this week that several of its products — routers, gateways, and data center platforms — suffer from vulnerabilities. The company published five advisories across Monday and Tuesday warning of the issues — all of which are being marked “medium” severity. While they all sound pressing, the most concerning vulnerability, at least as...