AmbiguousProps

The latest count of public EV chargers has swelled to 192,000. According to the U.S. Department of Energy, this number has doubled since the Biden administration took office and is continuing to grow at a rapid rate of 1,000 new chargers every week.

Along with the announcement comes the awarding of $521 million in grants to further expand charging access across the U.S. highway system. This includes 29 states, the District of Columbia, and two Federally Recognized Tribes—a total of 9,200 new EV charging ports.

"The Biden-Harris Administration has been clear about America leading the EV revolution, and thanks to the historic infrastructure package, we’re building a nationwide EV charger network to make sure all drivers have an accessible, reliable, and convenient way to charge their vehicles," said U.S. Secretary of Transportation Pete Buttigieg. "The awards that we’re announcing today will build on this important work and will help ensure that the cost savings, health and climate benefits, and jobs of the EV future are secured for Americans across the country."

The growth rate is rather impressive, actually. In mid-January, the U.S. government reported more than 169,000 chargers were deployed and online, meaning a 14% growth in just seven months. The number of chargers deployed weekly has also grown by 11%—from 900 to 1,000—during the same period.

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances.

The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024.

Arising due to missing input validation and sanitization, the issue makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

WPML is a popular plugin used for building multilingual WordPress sites. It has over one million active installations.

Polestar, the electric car manufacturer owned by Chinese-based giant Geely, will have a new chief operating officer starting next month. On October 1, Thomas Ingenlath, who served as CEO since the company’s inception as a standalone automaker in 2017, will step down.

Michael Lohscheller will take his place and try to transform Polestar from an EV startup into a bigger player in the automotive industry. Lohscheller was CEO at several other automotive companies in the last decade. Between 2017 and 2021 he spearheaded Opel, then moved to the position of Global CEO at VinFast. After just seven months, he jumped ship to Nikola, the maker of battery- and hydrogen-powered big rigs, where he acted as both president and CEO until September 2023, according to his LinkedIn profile.

Thousands of Fred Meyer workers in the Portland area plan to walk off the job early Wednesday, striking over alleged breaches of labor relations laws and amid contentious contract negotiations.

The United Food and Commercial Workers Local 555, which represents roughly 4,500 Fred Meyer workers across the Portland area, told The Oregonian/OregonLive on Tuesday that the strike would begin at 6 a.m. Wednesday and continue nearly a week, until 8 a.m. next Tuesday.

The Port of Seattle continues to deal with an ongoing cyberattack that began Saturday and was still affecting various operations through Sunday, including at Seattle-Tacoma International Airport.

The Port detected “unauthorized activity” on its systems Saturday morning in what it believes was a cyberattack, said Lance Lyttle, managing director of aviation for Sea-Tac Airport.

“We can’t yet say when this will be resolved,” Lyttle said at a media press conference Sunday.

I do some freelance on the side and it's getting kind of difficult to properly track my billable hours. Is there an invoice system that I can track them with, along with generating invoices?

Thanks!

Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances.

"Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report.

"Once accessed, attackers can leverage the COPY ... FROM PROGRAM SQL command to execute arbitrary shell commands on the host, allowing them to perform malicious activities such as data theft or deploying malware."

The attack chain observed by the cloud security firm entails targeting misconfigured PostgreSQL databases to create an administrator role in Postgres and exploiting a feature called PROGRAM to run shell commands.

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.

"The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and installed," Patchstack's Rafie Muhammad said in a Wednesday report.

The vulnerability, tracked as CVE-2024-28000 (CVSS score: 9.8), has been patched in version 6.4 of the plugin released on August 13, 2024. It impacts all versions of the plugin, including and prior to 6.3.0.1.

LiteSpeed Cache is one of the most widely used caching plugins in WordPress with over five million active installations.