Analysis, product insight, and practical reads for builders

Security researchers revealed a critical unauthenticated vulnerability in Funnel Builder for WordPress that lets attackers inject malicious JavaScript into WooCommerce checkout pages, enabling theft of credit card data. The flaw affects all versions prior to 3.15.0.3 and can be exploited through an exposed checkout endpoint to modify the plugin’s External Scripts setting, which then loads a skimmer that collects card numbers, CVVs, billing addresses, and other customer data. The malicious payload is disguised as a fake Google Tag Manager/Analytics script and communicates with an attacker-controlled server. FunnelKit released version 3.15.0.3 to fix the issue; admins should update immediately and audit External Scripts for rogue entries. The attack was detected by Sansec and reportedly affects more than 40,000 sites.

Two flaws in the Avada Builder WordPress plugin (CVE-2026-4782 and CVE-2026-4798) could let attackers read arbitrary files (potentially exposing wp-config.php) and perform a time-based SQL injection, affecting roughly one million installations. Exploitation paths include authenticated subscriber access for file reads and unauthenticated access when WooCommerce is present and later deactivated. Fixes shipped in 3.15.2 (partial) and 3.15.3 (fully patched), the latter released on May 12, 2026; site owners should update immediately.

Microsoft is piloting Cloud-Initiated Driver Recovery to remotely roll back faulty Windows Update drivers to a previous stable version, eliminating the need for partners or users to intervene. The recovery, managed entirely by Microsoft through Windows Update for drivers rejected during shiproom evaluation, will be tested May–August 2026 and roll out starting September 2026 as part of the Driver Quality Initiative and broader resiliency efforts.

Microsoft warns of a high-severity Exchange Server zero-day (CVE-2026-42897) exploited via cross-site scripting to run arbitrary code in Outlook on the Web. The flaw affects Exchange 2016, Exchange 2019, and Exchange SE, with no permanent patch available yet. For immediate protection, Microsoft recommends enabling Exchange Emergency Mitigation Service (EEMS); an on-premises mitigation via EEMS is automatic on eligible servers, and the Exchange On-Premises Mitigation Tool (EOMT) remains an option for air-gapped environments. Patches are planned for Exchange SE RTM, Exchange 2016 CU23, and Exchange 2019 CU14/CU15, though updates for 2016/2019 may be limited to customers in the Period 2 ESU program. CISA and NSA have previously issued guidance to harden Exchange servers against such exploits.