security bulletin

CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover

AndyC 17 February 2026

A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload and execute arbitrary PHP files...

CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM

AndyC 13 February 2026

Approximately 1,600 Ivanti Endpoint Manager Mobile (EPMM) instances are currently exposed globally, creating a significant attack surface for enterprise mobile infrastructure....

RSAC 2026 wrap-up – Week in security with Tony Anscombe

AndyC 28 March 2026

This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with...

A cunning predator: How Silver Fox preys on Japanese firms this tax season

AndyC 28 March 2026

Business Security Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening...

Virtual machines, virtually everywhere – and with real security gaps

AndyC 26 March 2026

Twenty years ago, almost to the day, Amazon Web Services (AWS) launched Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service opened for public...

Cloud workload security: Mind the gaps

AndyC 25 March 2026

Business Security As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Tomáš Foltýn 24 Mar 2026 • ...

Move fast and save things: A quick guide to recovering a hacked account

AndyC 21 March 2026

Cybercriminals go after people’s personal information across every kind of online platform, including WhatsApp, Instagram, LinkedIn, Roblox, YouTube and Spotify, not to mention finance apps....

EDR killers explained: Beyond the drivers

AndyC 20 March 2026

In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such...