Security insights from Bytium operators
Brief updates from Bytium operators on the tactics we see, how we respond, and what your teams can ship today to stay ahead.
Stored XSS in Perfex CRM 3.2.1 Contracts Module
Stored XSS in Perfex CRM 3.2.1 project discussions allows authenticated clients to inject JavaScript that runs for other users.
Stored Cross-Site Scripting in Perfex CRM 3.2.1 Project Discussions
Stored XSS in Perfex CRM 3.2.1 project discussions allows authenticated clients to inject JavaScript that runs for other users.
Why 13,000 WordPress Sites Get Hacked Daily and How to Stop It
WordPress isn’t “insecure by default”, but outdated plugins, weak configs, and sloppy access control make it an easy target. Here’s how attacks happen and what to do.
Stored XSS Vulnerabilities in CRMGo SaaS 7.2
Two stored cross-site scripting (XSS) vulnerabilities were identified in CRMGo SaaS version 7.2.
Blind SQL Injection in RISE CRM (CVE-2024-8945)
Case study detailing the discovery, validation, and remediation of a blind SQL injection vulnerability in RISE CRM version 3.7.0.
Fix VMware Workstation Host Modules on Linux Kernel (vmmon/vmnet)
How to patch and rebuild VMware Workstation host modules (vmmon/vmnet) on Debian/Ubuntu/Fedora after a kernel update breaks compilation or networking.
Rapid Security Assessment of a Custom School Management Application
A case study detailing a time-boxed security assessment of a custom school management system, identifying high and critical vulnerabilities through manual testing.
Practical WordPress Security Hardening: A Technical Guide
A practical, technical guide to hardening WordPress security using code-level controls, configuration changes, and layered defenses without relying on excessive plugins.