Update your WordPress

The WordPress team was made aware of a cross-site scripting vulnerability that could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen. It allows an attacker to inject code into the HTML content received by the administrators who maintain the website. It is recommended that you update to WordPress 4.2.1.

Mac OS X “Rootpipe” Privilege Escalation

The Admin framework in Apple OS X contains a hidden backdoor API that allows privilege escalation to root. It’s been there for several years (at least since 2011). Metasploit has added the PoC module to their repo: Mac OS X “Rootpipe”. Users who aren’t running “Yosemite” are shit out of luck so far; Apple had no plans to fix it.
More info: truesecdev.wordpress.com

CVE-2014-6271 remote vulnerability in bash

A remotely exploitable vulnerability has been discovered in bash on Linux. The vulnerability affects Debian as well as other Linux distros, so patch ASAP.

$ env x='() { :;}; echo vulnerable' bash -c "echo test"

More info: securityblog.redhat.com
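The one-line probe above, wrapped as an added example (not part of the original post) that interprets the result and checks every bash binary found on the system. The function names and the use of /etc/shells to locate extra copies of bash are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify bash binaries with the CVE-2014-6271 probe from the post.

# Interpret the probe's stdout. A vulnerable bash executes the trailing
# "echo vulnerable" while importing the function from the environment,
# so that word appears before "test". A patched bash prints only "test".
classify_output() {
    case "$1" in
        *vulnerable*) echo vulnerable ;;
        *test*)       echo patched ;;
        *)            echo unknown ;;
    esac
}

# Run the probe against one binary (path supplied by the caller).
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    # stderr is dropped: patched builds may warn about the ignored definition.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo test' 2>/dev/null) || true
    classify_output "$out"
}

# Check the bash on PATH plus any bash listed in /etc/shells (assumed location),
# since an old copy can remain installed next to the packaged, patched one.
audit_all() {
    {
        command -v bash || true
        if [ -r /etc/shells ]; then
            grep -E '/bash$' /etc/shells || true
        fi
    } 2>/dev/null | sort -u | while read -r b; do
        printf '%s\t%s\n' "$b" "$(check_bash "$b")"
    done
}

# Run the audit only when asked to: sh check.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_all
fi
```

Any line reporting `vulnerable` names a binary that still needs the distro's patched bash package.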

WHMCS 0day

WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases to patch a critical vulnerability that was publicly disclosed. Leaseweb and PureVPN were owned within a few hours.