Cyber Security News
Earth Hundun Hacker Group Employs Advanced Tactics to Evade Detection
Earth Hundun, a notable Asia-Pacific malware organization, uses Waterbear and Deuterbear, first encountered Deuterbear.
Cyber Security News
Earth Hundun, a notable Asia-Pacific malware organization, uses Waterbear and Deuterbear, first encountered Deuterbear.
Trend Micro
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
Cyber Security News
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
Infosecurity News
Researchers discover 75,000+ domains hosting fraudulent e-commerce sites, in a campaign dubbed BogusBazaar
HACKRead
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Bleeping Computer
A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders.
Cyber Security News
WordPress plugins make WordPress more useful, but most of these have flaws that hackers may try to take advantage of to get unauthorized
The Hacker News
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
Bleeping Computer
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
Cyber Security News
A critical XSS vulnerability has discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.
Cyber Security News
The weekly news summary keeps you up to date with what’s happening in cybersecurity, including developments, vulnerabilities, breaches, threats, and defensive strategies. Knowing about new cyber risks and attack vectors helps you put up safeguards and preventive measures as soon as possible to protect your systems. Remaining constantly aware gives you a holistic view of […]
Bleeping Computer
Identity Access Management (IAM) solutions are recognized as an essential component to a business's overall security strategy. Learn more from Tenfold Security on how a business can benefit from an IAM solution.
Cyber Security News
Security researchers have uncovered four zero-day vulnerabilities within OpenVPN, the world's leading VPN solution.
CyberNews
How AI and ML models can increase software supply chain risks and lead to cybersecurity incidents
Cyber Security News
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
Ars Technica
WP Automatic plugin patched, but release notes don't mention the critical fix.
Security Affairs
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites
SecurityWeek
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
Cyber Security News
WordPress plugins are often targeted by hackers as they have security loopholes that can be exploited by them to hack into sites without
The Hacker News
A critical vulnerability (CVE-2024-27956) in the WP-Automatic plugin is being actively exploited. This flaw could allow attackers to take complete con
DarkReading
Attacks by a previously unknown state-sponsored actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.
Bleeping Computer
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
Infosecurity News
An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally
Cyber Security News
Cybersecurity revelation, over 50k websites using the popular WordPress plugin Forminator are at risk due to multiple vulnerabilities.
Bleeping Computer
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
The Hacker News
Ukrainian government networks have been compromised by the OfflRouter malware since 2015. This malware is causing sensitive documents to be exposed.
Security Affairs
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy
The Hacker News
A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Cyber Express
WordPress maintains its dominance as a content management system (CMS), reportedly occupying 63.3% of the entire market share. At least
HACKRead
Here's a list of 5 effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities:
The Hacker News
E-commerce website owners and admins – BEWARE! Reseachers uncover a credit card skimmer hidden within a bogus Meta Pixel tracker script.
DarkReading
Various anti-detection features, including use of ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines.
Security Affairs
Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins.
The Hacker News
Cybersecurity experts uncover a sophisticated multi-stage attack! 🛡️ Malware including Venom RAT, Remcos RAT, and more deployed via invoice-themed ph
DarkReading
An ongoing cyberattack with ties to China uses new version of sophisticated JSOutProx Trojan, now targeting banks in the Middle East.
Cyber Security News
GitLab is a prominent web-based Git repository manager that is exploited by hackers to gain unauthorized access to confidential source code,
Bleeping Computer
Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements.
Cyber Security News
Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.
The Hacker News
Financial organizations in APAC & MENA are under attack. A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems.
Bleeping Computer
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.
Bleeping Computer
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
Security Affairs
Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse.
SecurityWeek
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
The Hacker News
WordPress sites using LayerSlider versions 7.9.11 - 7.10.0 are vulnerable to attack. Hackers could steal sensitive data like passwords.
SC Magazine
The critical SQL injection flaw was reported through Wordfence for a record $5,500 bug bounty.
SecurityWeek
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
Cyber Security News
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
Cyber Security News
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.
SecurityWeek
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
The Cyber Express
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
CyberNews
Apple users are being targeted by MFA bombing attacks, also known as push notification spam. Bad actors might be exploiting a bug in Apple’s password reset feature.
CyberNews
Old routers and IoT devices have been identified as key targets for six large malware campaigns. Cybersecurity experts are urging users to update their devices.
CyberNews
In 2016, Facebook launched a secret project to acquire, decrypt, transfer, and use private, encrypted in-app analytics from Snapchat, YouTube, and Amazon.
CyberSecurity Dive
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
Bleeping Computer
Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues.
Latest Hacking News
Heads up, WordPress admins! A new malware campaign is actively preying on WordPress websites, generating popup ads. Identified as Sign1, the malware has targeted over 2500 WordPress sites in the recent wave of attacks, exhibiting
The Cyber Express
A Rank Math plugin vulnerability affects over 2 million WordPress websites. The flaw, identified as a Stored Cross-Site Scripting (XSS)
CyberNews
A vast amount of sensitive data of unsuspecting shoppers was exposed to threat actors by the e-commerce giant’s plugin developer, with millions of orders being leaked.
The Hacker News
Minecraft faces a growing threat from DDoS attacks, impacting over 500 million registered users. Learn how these attacks disrupt gameplay and what you
Cyber Security News
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
Cyber Security News
OpenVPN has released their new version 2.6.10 in which there have been several bug fixes and improvements specifically to the Windows
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months.
HACKRead
Sign1 malware's tactics make it a significant threat as it uses time-based randomization to generate dynamic URLs, making it difficult to block.
The Hacker News
Over 39,000 WordPress sites have fallen victim to the Sign1 malware campaign in just 6 months, redirecting unsuspecting users to scam sites through ma
Bleeping Computer
On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance.
Bleeping Computer
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.
The Hacker News
With the explosion of SaaS applications in the modern workplace, IT and security teams often struggle to keep up with vendor risk assessments.
Security Affairs
A critical vulnerability in WordPress miniOrange's Malware Scanner and Web Application Firewall plugins can allow site takeover.
The Hacker News
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
Cyber Security News
With our weekly cybersecurity news summary, explore and learn about the most recent developments in the cybersecurity field.
SecurityWeek
Thousands of WordPress sites are at risk of takeover due to a critical privilege escalation vulnerability in two closed MiniOrange plugins.
The Hacker News
Cybersecurity experts have uncovered new vulnerabilities in #ChatGPT's third-party plugins, posing a significant risk to user data and account.
SecurityWeek
Microsoft announces that its Copilot for Security generative AI security solution will become generally available on April 1.
Security Affairs
Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover.
SC Magazine
Vulnerability allows remote code execution with System privileges on all Windows endpoints within a Kubernetes cluster.
HACKRead
ChatGPT plugins are designed to enhance the chatbot's capabilities by enabling it to interact with external services across various domains.
CSO
Available worldwide on April 1, Microsoft Copilot for Security uses generative AI to provide incident summaries, step-by-step remediation guidance, and reverse-engineering of scripts.
SecurityWeek
Three types of vulnerabilities related to ChatGPT plugins could have led to data exposure and account takeovers.
Infosecurity News
Salt Security discovered GPT flaws affecting plugin installation, PluginLab and OAuth
Latest Hacking News
Heads up, WordPress admins! It’s time to update your WordPress websites with the latest Popup Builder plugin release. Researchers have discovered criminal hackers exploiting the Popup Builder plugin flaw to infect the target sites with
CyberNews
Plugins that allow the OpenAI chatbox to interact with other programs have vulnerabilities that could be exploited during a cyberattack.
SC Magazine
Other flaws could leak ChatGPT conversations and third-party account details, researchers found.
HACKRead
According to CheckPoint, WordPress websites are under attack! FakeUpdates malware exploits vulnerabilities and injects malicious code.
The Hacker News
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
Cyber Security News
The code redirects users to phishing sites or injects further malware, and the campaign has already infected over 3300 websites.
SecurityWeek
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Cyber Security News
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
The Hacker News
Over 700 WordPress sites hit by brute-force attacks using malicious JavaScript injections, leveraging innocent visitors' browsers to compromise more s
The Cyber Express
WordPress, a widely used content management system that powers millions of websites around the world, has become a source of
The Record
Tibetans are being targeted with corrupted language translation software in a cyber espionage campaign that began last September, according to researchers at cybersecurity firm ESET.
SC Magazine
Attackers are creating hundreds of admin accounts, with a high potential for supply chain attacks.
DarkReading
Ivanti customers: soon, even if you've patched, you still might not be safe from relentless attacks from high-level Chinese threat actors.
Bleeping Computer
Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements.
The Hacker News
Two suspected China-linked cyber espionage clusters, UNC5325 and UNC3886, exploit Ivanti VPN flaws, deploying new malware.
Cyber Security News
A critical vulnerability has been discovered in the LiteSpeed Cache plugin, a popular WordPress plugin installed on over 4 million websites.
SecurityWeek
Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.
Infosecurity News
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
Cyber Security News
Steganography is employed by threat actors to hide malicious payloads in benign files such as pictures or documents.
Loading more articles....