Popular WordPress plugin has RCE vulnerability allows unauthenticated attackers to perform a local file inclusion attack. Exposes 600,000 sites.

https://www.bleepingcomputer.com/news/security/600k-wordpress-sites-impacted-by-critical-plugin-rce-vulnerability/

US Telcom matters get serious

https://www.bleepingcomputer.com/news/security/us-bans-major-chinese-telecom-over-national-security-risks/

McAfee vulnerability exposes Windows to privilege escalation. Agent patched in 5.7.5.

https://kb.cert.org/vuls/id/287178

Tomorrow could be a bad day for those using Let’s Encrypt certificates

https://www.bleepingcomputer.com/news/security/lets-encrypt-is-revoking-lots-of-ssl-certificates-in-two-days/

Red Cross contractor suffers cyber-attack that leaks personal data on 515,000 “highly vulnerable people”.

https://therecord.media/red-cross-begs-hackers-not-to-leak-data-of-highly-vulnerable-people/

More than 90 WordPress themes give full rights backdoor access in supply chain attack

https://www.bleepingcomputer.com/news/security/over-90-wordpress-themes-plugins-backdoored-in-supply-chain-attack/

CISA warns about data wiping attacks

https://www.bleepingcomputer.com/news/security/cisa-urges-us-orgs-to-prepare-for-data-wiping-cyberattacks/

Whitehouse directs national security agencies to increase their cybersecurity protections

https://therecord.media/biden-directs-national-security-agencies-to-strengthen-their-digital-defenses/

New vulnerability in Zoho Desktop Central and Desktop Central MSP provides authentication bypass vulnerability

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44757

https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022

US law enforcement warns of US companies being targeted with malicious USB drives

https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/