Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
Wordfence reports a High-severity hardcoded credential issue in the `Text to Speech – TTSWP` WordPress plugin (<=1.9.8) enabling unauthenticated access to the vendor telemetry database.
OpenBao installations using OIDC/JWT auth with `callback_mode=direct` roles can be phished into issuing tokens to an attacker session; fixed in 2.5.2.
An oss-security disclosure says terraform-provider-linode versions before v3.9.0 could log passwords, tokens, scripts, and NodeBalancer TLS private keys when debug logging is enabled.