SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...

CISA: Recently patched Ivanti EPM flaw now actively exploited

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.

Microsoft Confirms SQL Zero-Day Security Vulnerability—Here’s The Fix

Microsoft has confirmed that a hacker who successfully exploits a zero-day SQL vulnerability could gain system administrator privileges. Here’s how to fix it.

Critical 0-Click Microsoft Excel Security Bug Lets Copilot Steal Data

Excel users are warned to update now, as a critical vulnerability has been confirmed that can lead to “zero-click information ...
The Hacker News

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Nine “LeakyLooker” flaws in Google Looker Studio allowed cross-tenant SQL access across GCP services before being patched.
The Hacker News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.
CNET

Fast Tricks to Spot Hidden Cameras in Your Vacation Airbnb

Don't let your spring break plans derail because of spy cameras. Here's how to find them in vacation rentals. Tyler has worked on, lived with and tested all types of smart home and security technology ...