Two high severity vulnerabilities found in the Page Builder WordPress plugin installed on more than 1,000,000 sites can let hackers create new admin accounts, plant backdoors, and ultimately take over the compromised websites.

Attackers exploited a zeroday vulnerability in Apple’s iTunes and iCloud programs to infect Windows computers with ransomware without triggering antivirus protections, researchers from Morphisec reported on Thursday. Apple patched the vulnerability earlier this week.

Microsoft has released two unscheduled security updates, one of which patches a critical Internet Explorer vulnerability that attackers are actively exploiting in the wild.

Over the years, many websites and services have been hacked from groups of black hat hackers. Stemming from these hacks are lists containing compromised emails and their accompanying passwords, all of which are frequently used by these groups as bargaining chips to extort their victims for money.

The world’s most popular web server, Apache HTTP Server, had a critical vulnerability that could give an attacker a way to gain ‘root’ control on systems.