lystn

Attacks on unpatched SolarWinds systems continue. We're now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of these three services are well known enterprise and government organizations. In the WordPress space, there are two add-on plugins experiencing active attacks: Kaswara Modern WPBakery Page Builder Addons and The Plus Addons for Elementor. Vulnerabilities discovered by our threat intel team in Redirection for Contact Form 7 were patched. We also take a look at updates coming in WordPress 5.8 to prepare the way for WordPress full-site editing.