Cyber Security News
Earth Hundun Hacker Group Employs Advanced Tactics to Evade Detection
Earth Hundun, a notable Asia-Pacific malware organization, uses Waterbear and Deuterbear, first encountered Deuterbear.
Trend Micro
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
HACKRead
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Security Affairs
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites
Cyber Security News
WordPress plugins make WordPress more useful, but most of these have flaws that hackers may try to take advantage of to get unauthorized
The Hacker News
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
Bleeping Computer
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
Cyber Security News
A critical XSS vulnerability has been discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.
Cyber Security News
Security researchers have uncovered four zero-day vulnerabilities within OpenVPN, the world's leading VPN solution.
SecurityWeek
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.
Cyber Security News
Reviewing the “getJspFromRequest” method details we can see that it pulls the HTTP parameter “jsp” from the web request.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
The Cyber Express
Hackers have honed in on a critical WP-Automatic plugin vulnerability, aiming to infiltrate WordPress websites by creating unauthorized admin accounts, according
Ars Technica
WP Automatic plugin patched, but release notes don't mention the critical fix.
SecurityWeek
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.
Security Affairs
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites
SecurityWeek
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
Cyber Security News
WordPress plugins are often targeted by hackers as they have security loopholes that can be exploited by them to hack into sites without
The Hacker News
A critical vulnerability (CVE-2024-27956) in the WP-Automatic plugin is being actively exploited. This flaw could allow attackers to take complete con
Bleeping Computer
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
Cyber Security News
Hackers target Cisco zero-days as they can abuse the widely used networking equipment that contains vulnerabilities which means they can affect many systems and networks in one shot.
Cyber Security News
A critical vulnerability in the WP Datepicker WordPress plugin was identified, affecting more than 10,000 active installations.
Latest Hacking News
WordPress admins using the Forminator plugin on their websites must rush to update their sites with the latest plugin release. That’s because numerous vulnerabilities existed in the Forminator plugin that could allow triggering site crashes
Cyber Security News
Cybersecurity revelation, over 50k websites using the popular WordPress plugin Forminator are at risk due to multiple vulnerabilities.
Security Affairs
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server.
Bleeping Computer
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
Security Affairs
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware.
Infosecurity News
The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server
The Hacker News
Hackers are exploiting a critical vulnerability in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.
SC Magazine
Attackers exploited a critical vulnerability to create a new administrator account.
Security Affairs
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy
The Cyber Express
WordPress maintains its dominance as a content management system (CMS), reportedly occupying 63.3% of the entire market share. At least
HACKRead
Here's a list of 5 effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities:
The Hacker News
Cybersecurity experts uncover a sophisticated multi-stage attack! 🛡️ Malware including Venom RAT, Remcos RAT, and more deployed via invoice-themed ph
Cyber Security News
The developers of Notepad++, a widely used text and source code editor, have recently issued a call to action to their user base. The plea is an urgent one, and it is aimed at addressing a critical issue that requires the community's immediate attention.
DarkReading
An ongoing cyberattack with ties to China uses new version of sophisticated JSOutProx Trojan, now targeting banks in the Middle East.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements.
Cyber Security News
Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.
Cyber Security News
Hackers have manipulated a popular Notepad++ plugin, injecting malicious code that compromises users' systems upon execution.
The Cyber Express
A recent analysis by Cyble has revealed a concerning escalation in the fake e-shop campaign, signaling a looming threat to
Latest Hacking News
WordPress admins using the LayerSlider plugin on their websites must update their sites with the latest plugin release as soon as possible. The plugin developers patched a critical security vulnerability in LayerSlider that could allow
Cyber Security News
A fake e-shop scam campaign has been targeting Southeast Asia since 2021, as CRIL observed a surge in activity in September 2022, with the
The Hacker News
Multiple China-linked threat actors exploit zero-day flaws in Ivanti appliances (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893).
The Hacker News
CoralRaider, a suspected Vietnamese threat actor, has been on the prowl since May 2023, targeting Asia and Southeast Asia with malware aimed at steali
Cyber Security News
Over a million WordPress websites put at risk due to a critical SQL Injection vulnerability discovered in the popular LayerSlider plugin.
Bleeping Computer
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
Cyber Security News
A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts
SecurityWeek
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
The Hacker News
WordPress sites using LayerSlider versions 7.9.11 - 7.10.0 are vulnerable to attack. Hackers could steal sensitive data like passwords.
SC Magazine
The critical SQL injection flaw was reported through Wordfence for a record $5,500 bug bounty.
Security Affairs
A cross-site scripting vulnerability (XSS) in the WordPress WP-Members Membership plugin can lead to malicious script injection.
SecurityWeek
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
Cyber Security News
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
The Cyber Express
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
CyberSecurity Dive
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
Latest Hacking News
Heads up, WordPress admins! A new malware campaign is actively preying on WordPress websites, generating popup ads. Identified as Sign1, the malware has targeted over 2500 WordPress sites in the recent wave of attacks, exhibiting
The Cyber Express
A Rank Math plugin vulnerability affects over 2 million WordPress websites. The flaw, identified as a Stored Cross-Site Scripting (XSS)
CyberNews
A vast amount of sensitive data of unsuspecting shoppers was exposed to threat actors by the e-commerce giant’s plugin developer, with millions of orders being leaked.
Cyber Security News
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
Cyber Security News
OpenVPN has released their new version 2.6.10 in which there have been several bug fixes and improvements specifically to the Windows
Security Affairs
A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months.
SecurityWeek
Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes AI roadmap.
SecurityWeek
Over 39,000 websites have been infected in the past months with the Sign1 malware that redirects visitors to scam domains.
The Hacker News
Over 39,000 WordPress sites have fallen victim to the Sign1 malware campaign in just 6 months, redirecting unsuspecting users to scam sites through ma
Cyber Security News
Linux systems are used widely for servers, cloud environments, and IoT devices which makes them an attractive target to cyber criminals as
Bleeping Computer
On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance.
Bleeping Computer
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.
Security Affairs
Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild.
Security Affairs
A new variant of the Russia-linked wiper AcidRain, tracked as AcidPour, was spotted targeting Linux x86 devices.
Bleeping Computer
A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices.
Security Affairs
A critical vulnerability in WordPress miniOrange's Malware Scanner and Web Application Firewall plugins can allow site takeover.
The Hacker News
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
With our weekly cybersecurity news summary, explore and learn about the most recent developments in the cybersecurity field.
SecurityWeek
Thousands of WordPress sites are at risk of takeover due to a critical privilege escalation vulnerability in two closed MiniOrange plugins.
The Hacker News
Cybersecurity experts have uncovered new vulnerabilities in #ChatGPT's third-party plugins, posing a significant risk to user data and account.
The Hacker News
Chinese users searching for Notepad++ & VNote on engines like Baidu face malicious ads leading to fake versions with trojans.
The Hacker News
A high-severity flaw in Kubernetes, CVE-2023-5528, has been patched. This vulnerability allowed attackers remote code execution with SYSTEM privileges
Security Affairs
Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover.
SC Magazine
Vulnerability allows remote code execution with System privileges on all Windows endpoints within a Kubernetes cluster.
HACKRead
ChatGPT plugins are designed to enhance the chatbot's capabilities by enabling it to interact with external services across various domains.
DarkReading
Attackers can remotely execute code with System privileges by exploiting a vulnerability in the source code of the open-source container management system.
PCMag
Microsoft's enterprise-focused AI promises to summarize cybersecurity reports in easy-to-understand language and point out potential threats.
SecurityWeek
Three types of vulnerabilities related to ChatGPT plugins could have led to data exposure and account takeovers.
Infosecurity News
Salt Security discovered GPT flaws affecting plugin installation, PluginLab and OAuth
Latest Hacking News
Heads up, WordPress admins! It’s time to update your WordPress websites with the latest Popup Builder plugin release. Researchers have discovered criminal hackers exploiting the Popup Builder plugin flaw to infect the target sites with
CyberNews
Plugins that allow the OpenAI chatbox to interact with other programs have vulnerabilities that could be exploited during a cyberattack.
SC Magazine
Other flaws could leak ChatGPT conversations and third-party account details, researchers found.
HACKRead
According to CheckPoint, WordPress websites are under attack! FakeUpdates malware exploits vulnerabilities and injects malicious code.
SecurityWeek
Enterprise software maker SAP documents multiple critical-severity issues and warns of risk of command injection attacks.
The Hacker News
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
Cyber Security News
The code redirects users to phishing sites or injects further malware, and the campaign has already infected over 3300 websites.
SC Magazine
Files containing malicious prompts could be used to manipulate interactions, researchers say.
SecurityWeek
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Security Affairs
Threat actors are hacking WordPress sites by exploiting a flaw, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin
Cyber Security News
COM (Component Object Model) hijacking is a technique in which threat actors exploit the core architecture of Windows by adding a new value on