SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...
Hackaday

This Week In Security: Plenty Of Patches, Replacing Old Gear, And Phrack Calls For Papers

When Friday the Thirteenth and Patch Tuesday happen on the same week, we’re surely in for a good time. Anyone who maintains any sort of Microsoft ecosystem knows by now to brace for impact ...
GitHub

Penpot's Official MCP Server

Penpot integrates a LLM layer built on the Model Context Protocol (MCP) via Penpot's Plugin API to interact with a Penpot design file. Penpot's MCP server enables LLMs to perfom data queries, ...
winbuzzer.com

Microsoft March 2026 Patch Tuesday: 84 Fixes, Two Zero-Days, and an AI-Found CVSS 9.8

A fully autonomous AI agent has claimed the top of HackerOne’s bug bounty leaderboard – and this month it submitted a CVSS 9.8 remote code execution flaw to Microsoft via HackerOne that the company ...