April 27, Softpedia – (International) WordPress 4.2 affected by zero-day stored XSS, PoC available. A security researcher from Klikki Oy discovered a stored cross-site scripting (XSS) vulnerability in WordPress 4.2 and earlier versions in which unauthenticated parties can exploit a flaw in comment text truncation to run arbitrary code on affected servers. Source
April 25, Softpedia – (International) Over 25,000 iOS apps affected by bug breaking HTTPS. Security researchers at SourceDNA discovered a vulnerability in version 2.5.3 of the AFNetworking library for Apple iOS and OS X products in which attackers could carry out man-in-the-middle (MitM) attacks and access encrypted information by exploiting the library’s failure to check the domain name for which secure sockets layer (SSL) certificates were issued. More than 25,000 apps are affected by the flaw. Source