❌

Reading view

Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD

More than two dozen advisories have been published by the chip giants for vulnerabilities found recently in their products.

The post Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD appeared first on SecurityWeek.

  •  

Beyond Login Screens: Why Access Control Matters

Beyond Login Screens: Why Access Control Matters

As breach costs go up and attackers focus on common web features like dashboards, admin panels, customer portals, and APIs, weak access control quickly leads to lost data, broken trust, and costly incidents. The worst part is that many failures are not rare technical flaws but simple mistakes, such as missing permission checks, roles with too much power, or predictable IDs in URLs.

This post aims to help you control who can access different parts of your website and explain why it matters.Β 

Continue reading Beyond Login Screens: Why Access Control Matters at Sucuri Blog.

  •  

Vulnerability & Patch Roundup β€” January 2026

Vulnerability & Patch Roundup β€” January 2026

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.

Continue reading Vulnerability & Patch Roundup β€” January 2026 at Sucuri Blog.

  •  

Shadow Directories: A Unique Method to Hijack WordPress Permalinks

Shadow Directories: A Unique Method to Hijack WordPress Permalinks

Last month, while working on a WordPress cleanup case, a customer reached out with a strange complaint: their website looked completely normal to them and their visitors, but Google search results were showing something very different.

Instead of normal titles and descriptions, Google was displaying casino and gambling-related content. We have been seeing rising cases of spam on WordPress websites. What made this even more confusing was where the spam was appearing.

Continue reading Shadow Directories: A Unique Method to Hijack WordPress Permalinks at Sucuri Blog.

  •  

AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

From an Anthropic blog post:

In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.

[…]

A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breachβ€”one of the costliest cyber attacks in historyΒ­Β­using only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches.

AI models are getting better at this faster than I expected. This will be a major power shift in cybersecurity.

  •  

Cyber Insights 2026: Offensive Security; Where It Is and Where It’s Going

Malicious attacks are increasing in frequency, sophistication and damage. Defenders need to find and harden system weaknesses before attackers can attack them.

The post Cyber Insights 2026: Offensive Security; Where It Is and Where It’s Going appeared first on SecurityWeek.

  •  
❌