A critical security flaw in a widely used WordPress membership plugin has made it trivially simple for unauthenticated attackers to create administrator accounts and seize control of affected sites. The vulnerability, tracked as CVE-2026-1492, exposes a systemic weakness in how the plugin handled role assignment during user registration. This post summarizes what happened, who discovered it, the immediate risks, and
Category: Microsoft
Windows, Windows Server, Microsoft 365, Word, Excel, PowerPoint, Outlook, OneNote, Teams, SharePoint, OneDrive, Edge, Bing, SQL Server, Visual Studio, Active Directory, Dynamics 365, Power BI, Power Apps, Xbox, Game Pass, Surface, Intune, Defender, Exchange, Hyper-V, .NET, Dataverse,
90 Zero‑Days in 2025: Google’s Snapshot of an Evolving Exploit Economy
Google’s Threat Intelligence Group reported 90 zero‑day vulnerabilities actively exploited in the wild across 2025. That total sits above 2024’s 78 but below the record 100 observed in 2023. Beyond the raw count, the GTIG data reveals a notable shift in where and how these flaws were used, who is using them, and which technical weaknesses continue to drive high‑impact
VoidLink Malware Framework: Key Points on How It Targets Kubernetes and AI Workloads
Title: VoidLink Malware Framework: Key Points on How It Targets Kubernetes and AI Workloads Overview VoidLink is a modular malware framework observed targeting cloud-native environments, with emphasis on Kubernetes clusters and AI infrastructure. Goal: persistence, lateral movement, data exfiltration, and abuse of compute (e.g., model theft, crypto-mining, or training/serving misuse). Modularity enables plugins for container escape, kubeconfig harvesting, and targeted
Laser Highways: Taara’s Free‑Space Optics Bring Fiber Speeds Without the Dig
Open-air laser links are no longer a laboratory curiosity. Taara, a spinout from an experimental research lab, is shipping systems that aim to deliver fiberlike throughput across streets, between buildings, and even over urban kilometers—without the expense and delay of trenching fiber. The appeal is simple: where fiber exists nearby but legal, financial, or logistical barriers prevent a direct connection,
Bitwarden Adds Passkey Login Support for Windows 11
Bitwarden now supports using passkeys stored in its vault to sign into Windows 11 devices, enabling passwordless, phishing-resistant authentication. The feature is available to all Bitwarden plans, including the free tier. How it works On the Windows sign-in screen, users choose the security key sign-in option and scan a QR code with a mobile device. The passkey stored in the
Enhanced Storage Resiliency with Azure NetApp Files Elastic Zone‑Redundant Service
Data resiliency is a baseline requirement for modern enterprise applications. Short interruptions or data loss can cascade into regulatory, financial, and reputational consequences. Azure NetApp Files (ANF) Elastic zone‑redundant storage (ANF Elastic ZRS) is a managed, multi‑AZ file storage option built on Azure’s ZRS architecture that aims to deliver synchronous multi‑zone replication, automatic failover, and enterprise ONTAP data management features