%20(1).webp)
Cyber Security News
Earth Hundun Hacker Group Employs Advanced Tactics to Evade Detection
Earth Hundun, a notable Asia-Pacific malware organization, uses Waterbear and Deuterbear, first encountered Deuterbear.
Trend Micro
Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
Security Affairs
Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
HACKRead
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Security Affairs
LiteSpeed Cache WordPress plugin actively exploited in the wild
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites
Cyber Security News
Hackers Exploit Litespeed Plugin Flaw To Create Rogue Admin Accounts
WordPress plugins make WordPress more useful, but most of these have flaws that hackers may try to take advantage of to get unauthorized
The Hacker News
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
Bleeping Computer
Hackers exploit LiteSpeed Cache flaw to create WordPress admins
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
%20(1).webp)
Cyber Security News
Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack
A critical XSS vulnerability has discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.
.webp)
Cyber Security News
Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe
Security researchers have uncovered four zero-day vulnerabilities within OpenVPN, the world's leading VPN solution.
SecurityWeek
1,400 GitLab Servers Impacted by Exploited Vulnerability
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.
Cyber Security News
Investigating Two TeamCity Authentication Bypass Vulnerabilities
Reviewing the “getJspFromRequest” method details we can see that it pulls the HTTP parameter “jsp” from the web request.
Security Affairs
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
The Cyber Express
Hackers Exploit WP-Automatic Plugin Vulnerability, Threatening WordPress Site Security
Hackers have honed in on a critical WP-Automatic plugin vulnerability, aiming to infiltrate WordPress websites by creating unauthorized admin accounts, according
Ars Technica
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix.
SecurityWeek
Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.
Security Affairs
Experts warn of malware campaign targeting WP-Automatic plugin
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites
SecurityWeek
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
Cyber Security News
Hackers Actively Exploiting WP Automatic Updates Plugin Vulnerability
WordPress plugins are often targeted by hackers as they have security loopholes that can be exploited by them to hack into sites without
The Hacker News
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
A critical vulnerability (CVE-2024-27956) in the WP-Automatic plugin is being actively exploited. This flaw could allow attackers to take complete con
Bleeping Computer
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
Cyber Security News
ArcaneDoor Exploiting Cisco Zero-Days To Attack Government Networks
Hackers target Cisco zero-days as they can abuse the widely used networking equipment that contains vulnerabilities which means they can affect many systems and networks in one shot.
.webp)
Cyber Security News
WordPress Plugin Flaw Exposes 10k+ Websites to Cyber Attacks
A critical vulnerability in the WP Datepicker WordPress plugin was identified, affecting more than 10,000 active installations.
Latest Hacking News
Multiple Vulnerabilities Found In Forminator WordPress Plugin
WordPress admins using the Forminator plugin on their websites must rush to update their sites with the latest plugin release. That’s because numerous vulnerabilities existed in the Forminator plugin that could allow triggering site crashes
%20(1).webp)
Cyber Security News
Forminator WordPress Plugin Flaw Exposes Over 50,000 Websites to Cyber Attacks
Cybersecurity revelation, over 50k websites using the popular WordPress plugin Forminator are at risk due to multiple vulnerabilities.
Security Affairs
A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server.
Bleeping Computer
Critical Forminator plugin flaw impacts over 300k WordPress sites
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
Security Affairs
Linux variant of Cerber ransomware targets Atlassian servers
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware.
Infosecurity News
Linux Cerber Ransomware Variant Exploits Atlassian Servers
The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server
The Hacker News
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Hackers are exploiting a critical vulnerability in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.
SC Magazine
Atlassian Confluence Linux instances targeted with Cerber ransomware
Attackers exploited a critical vulnerability to create a new administrator account.
Security Affairs
A renewed espionage campaign targets South Asia with iOS spyware LightSpy
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy
The Cyber Express
Top 10 Most Common WordPress Vulnerabilities to Look Out For in 2024
WordPress maintains its dominance as a content management system (CMS), reportedly occupying 63.3% of the entire market share. At least
HACKRead
5 Best CAPTCHA Plugins for WordPress Websites
Here's a list of 5 effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities:
The Hacker News
Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing
Cybersecurity experts uncover a sophisticated multi-stage attack! 🛡️ Malware including Venom RAT, Remcos RAT, and more deployed via invoice-themed ph
Cyber Security News
Notepad++ Seeking your Help to Take Down the Parasite Website
The developers of Notepad++, a widely used text and source code editor, have recently issued a call to action to their user base. The plea is an urgent one, and it is aimed at addressing a critical issue that requires the community's immediate attention.
DarkReading
Solar Spider Targets Saudi Arabia Banks via New Malware
An ongoing cyberattack with ties to China uses new version of sophisticated JSOutProx Trojan, now targeting banks in the Middle East.
Security Affairs
Security Affairs newsletter Round 466 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
The new features coming in Windows 11 24H2, expected this fall
Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.
Cyber Security News
Hackers Hijacked Notepad++ Plugin To Inject Malicious Code
Hackers have manipulated a popular Notepad++ plugin, injecting malicious code that compromises users' systems upon execution.
The Cyber Express
Escalation of Fake E-Shop Campaign Threatens Banking Security in Multiple Regions
A recent analysis by Cyble has revealed a concerning escalation in the fake e-shop campaign, signaling a looming threat to
Latest Hacking News
LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites
WordPress admins using the LayerSlider plugin on their websites must update their sites with the latest plugin release as soon as possible. The plugin developers patched a critical security vulnerability in LayerSlider that could allow
Cyber Security News
New Fake E-Shopping Attack Hijacking Users Banking Credentials
A fake e-shop scam campaign has been targeting Southeast Asia since 2021, as CRIL observed a surge in activity in September 2022, with the
The Hacker News
Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
Multiple China-linked threat actors exploit zero-day flaws in Ivanti appliances (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893).
The Hacker News
Vietnam-Based Hackers Steal Financial Data Across Asia with Malware
CoralRaider, a suspected Vietnamese threat actor, has been on the prowl since May 2023, targeting Asia and Southeast Asia with malware aimed at steali
%20(1)%20(1).webp)
Cyber Security News
Wordpress Plugin SQL Injection Flaw Exposes 1,000,000 Sites to Cyber Attack
Over a million WordPress websites put at risk due to a critical SQL Injection vulnerability discovered in the popular LayerSlider plugin.
Bleeping Computer
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
Cyber Security News
WP-Members Plugin Expose Wordpress Sites To Injection Attacks
A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts
SecurityWeek
Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
The Hacker News
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
WordPress sites using LayerSlider versions 7.9.11 - 7.10.0 are vulnerable to attack. Hackers could steal sensitive data like passwords.
SC Magazine
WordPress LayerSlider plugin bug risks password hash extraction
The critical SQL injection flaw was reported through Wordfence for a record $5,500 bug bounty.
Security Affairs
XSS flaw in WordPress WP-Members Plugin can lead to script injection
A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection.
SecurityWeek
Security Flaw in WP-Members Plugin Leads to Script Injection
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
%20(1).webp)
Cyber Security News
WordPress Security : XSS Remains as the Most Vulnerability Exploited
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
The Cyber Express
Millions of WordPress Sites at Risk Due to Essential Addons for Elementor Vulnerability
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
CyberSecurity Dive
Security concerns creep into generative AI adoption
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
Latest Hacking News
Sign1 Malware Targeted Over 2500 WordPress Sites In Recent Campaign
Heads up, WordPress admins! A new malware campaign is actively preying on WordPress websites, generating popup ads. Identified as Sign1, the malware has targeted over 2500 WordPress sites in the recent wave of attacks, exhibiting
The Cyber Express
Rank Math SEO Plugin Vulnerability Exposes 2 Million WordPress Sites
A Rank Math plugin vulnerability affects over 2 million WordPress websites. The flaw, identified as a Stored Cross-Site Scripting (XSS)
CyberNews
Shopify plugins leaked data from nearly 2K stores
A vast amount of sensitive data of unsuspecting shoppers was exposed to threat actors by the e-commerce giant’s plugin developer, with millions of orders being leaked.
.webp)
Cyber Security News
Rank Math SEO Plugin Flaw Exposes 2M+ Websites to Cyber Attack
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
.webp)
Cyber Security News
Critical OpenVPN Flaw Let Attackers Escalate Privilege
OpenVPN has released their new version 2.6.10 in which there have been several bug fixes and improvements specifically to the Windows
Security Affairs
Sign1 malware campaign already infected 39,000 WordPress sites
A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months.
SecurityWeek
In Other News: Google's PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap
Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes AI roadmap.
SecurityWeek
39,000 Websites Infected in 'Sign1' Malware Campaign
Over 39,000 websites have been infected in the past months with the Sign1 malware that redirects visitors to scam domains.
The Hacker News
Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects
Over 39,000 WordPress sites have fallen victim to the Sign1 malware campaign in just 6 months, redirecting unsuspecting users to scam sites through ma
Cyber Security News
AcidPour Attacking Linux Systems Running On x86 Architecture
Linux systems are used widely for servers, cloud environments, and IoT devices which makes them an attractive target to cyber criminals as
Bleeping Computer
KDE advises extreme caution after theme wipes Linux user's files
On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance.
Bleeping Computer
Evasive Sign1 malware campaign infects 39,000 WordPress sites
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.
Security Affairs
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild.
Security Affairs
New AcidPour wiper targets Linux x86 devices.
A new variant of the Russia-linked wiper AcidRain, tracked as AcidPour, was spotted targeting Linux x86 devices.
Bleeping Computer
New AcidPour data wiper targets Linux x86 network devices
A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices.
Security Affairs
Remove WordPress miniOrange plugins, a critical flaw can allow site takeover
A critical vulnerability in WordPress miniOrange's Malware Scanner and Web Application Firewall plugins can allow site takeover.
The Hacker News
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
Security Affairs
Security Affairs newsletter Round 463 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
.webp)
Cyber Security News
Cyber Security News Weekly Round-Up : Cyber Attacks, Vulnerabilities, Threats & New Cyber Stories
With our weekly cybersecurity news summary, explore and learn about the most recent developments in the cybersecurity field.
SecurityWeek
Discontinued Security Plugins Expose Many WordPress Sites to Takeover
Thousands of WordPress sites are at risk of takeover due to a critical privilege escalation vulnerability in two closed MiniOrange plugins.
The Hacker News
Third-Party ChatGPT Plugins Could Lead to Account Takeovers
Cybersecurity experts have uncovered new vulnerabilities in #ChatGPT's third-party plugins, posing a significant risk to user data and account.
The Hacker News
Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers
Chinese users searching for Notepad++ & VNote on engines like Baidu face malicious ads leading to fake versions with trojans.
The Hacker News
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
A high-severity flaw in Kubernetes, CVE-2023-5528, has been patched. This vulnerability allowed attackers remote code execution with SYSTEM privileges
Security Affairs
Researchers found multiple flaws in ChatGPT plugins
Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover.
SC Magazine
Akamai offers POC and Open Policy Agent to block Kubernetes bug
Vulnerability allows remote code execution with System privileges on all Windows endpoints within a Kubernetes cluster.
HACKRead
ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data
ChatGPT plugins are designed to enhance the chatbot's capabilities by enabling it to interact with external services across various domains.
DarkReading
Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes
Attackers can remotely execute code with System privileges by exploiting a vulnerability in the source code of the open-source container management system.
PCMag
Fighting Hackers With GPT-4: Copilot for Security Launches on April 1
Microsoft's enterprise-focused AI promises to summarize cybersecurity reports in easy-to-understand language and point out potential threats.
SecurityWeek
ChatGPT Plugin Vulnerabilities Exposed Data, Accounts
Three types of vulnerabilities related to ChatGPT plugins could have led to data exposure and account takeovers.
Infosecurity News
New Research Exposes Security Risks in ChatGPT Plugins
Salt Security discovered GPT flaws affecting plugin installation, PluginLab and OAuth
Latest Hacking News
Popup Builder Plugin Flaw Exploited To Infect WordPress Sites
Heads up, WordPress admins! It’s time to update your WordPress websites with the latest Popup Builder plugin release. Researchers have discovered criminal hackers exploiting the Popup Builder plugin flaw to infect the target sites with
CyberNews
ChatGPT plugins prone to threat actors, says study
Plugins that allow the OpenAI chatbox to interact with other programs have vulnerabilities that could be exploited during a cyberattack.
SC Magazine
ChatGPT 0-click plugin exploit risked leak of private GitHub repos
Other flaws could leak ChatGPT conversations and third-party account details, researchers found.
HACKRead
FakeUpdates Malware Campaign Targets WordPress - Millions of Sites at Risk
According to CheckPoint, WordPress websites are under attack! FakeUpdates malware exploits vulnerabilities and injects malicious code.
SecurityWeek
SAP Patches Critical Command Injection Vulnerabilities
Enterprise software maker SAP documents multiple critical-severity issues and warns of risk of command injection attacks.
The Hacker News
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
Cyber Security News
Hackers Compromised 3,300 Websites Using Plug-in Vulnerability
The code redirects users to phishing sites or injects further malware, and the campaign has already infected over 3300 websites.
SC Magazine
Google Gemini bugs enable prompt leaks, injection via Workspace plugin
Files containing malicious prompts could be used to manipulate interactions, researchers say.
SecurityWeek
Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Security Affairs
Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
Threat actors are hacking WordPress sites by exploiting a flaw, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin
Cyber Security News
Malware Families Adapting To COM Hijacking Technique For Persistence
COM (Component Object Model) hijacking is a technique in which threat actors exploit the core architecture of Windows by adding a new value on
Loading more articles....