Bugs, Breaches, and More! – Application Security Weekly #55

March 28, 2019

XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover, The RedMonk Programming Language Rankings: January 2019, I Deleted Facebook Last Year; Here's What Changed (and What Didn't), CommitStrip: Over-excited, and more!


Bugs, Breaches, and More!

1.) This Spyware Data Leak is So Bad We Can't Even Tell You About It

2.) Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

3.) Zero-day in WordPress SMTP plugin abused by two hacker groups

If you build it, they will come

1.) No More Forever Tokens: Changes in Identity Management for Kubernetes

2.) Severe Security Bug found in Popular PHP Library for Creating PDF Files

3.) XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover

Learning & Tools

1.) How Do I Prepare to Join a Red Team?

2.) Azure Services Roadmap

3.) The RedMonk Programming Language Rankings: January 2019

Food for Thought

1.) Human Contact is now a Luxury Good

2.) I Deleted Facebook Last Year. Here's What Changed (and What Didn't)

3.) CommitStrip: Over-excited

Full Show Notes


Paul Asadorian - CEO, Security Weekly.

Keith Hoodlet - Application Security Manager, Thermo Fisher Scientific.

  • Join us April 1-3 at Disney's Contemporary Resort for InfoSec World 2019, where you can connect and network with like-minded individuals in search of actionable information. Visit and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to to submit your request.
  • SecureWorld Boston is hosting its 15th annual conference March 27-28 at the Hynes Convention Center. Security Weekly listeners save $100 off a full conference pass by visiting and using the code 'SecurityWeekly'.
  • John Strand will be teaching Active Defense and Cyber Deception at Black Hat 2019. Register now @
