%20(1).webp)
Cyber Security News
Earth Hundun Hacker Group Employs Advanced Tactics to Evade Detection
Earth Hundun, a notable Asia-Pacific malware organization, uses Waterbear and Deuterbear, first encountered Deuterbear.
Trend Micro
Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
Infosecurity News
Fake Online Stores Scam Over 850,000 Shoppers
Researchers discover 75,000+ domains hosting fraudulent e-commerce sites, in a campaign dubbed BogusBazaar
HACKRead
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Bleeping Computer
Massive webshop fraud ring steals credit cards from 850,000 people
A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders.
Cyber Security News
Hackers Exploit Litespeed Plugin Flaw To Create Rogue Admin Accounts
WordPress plugins make WordPress more useful, but most of these have flaws that hackers may try to take advantage of to get unauthorized
The Hacker News
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
Bleeping Computer
Hackers exploit LiteSpeed Cache flaw to create WordPress admins
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
%20(1).webp)
Cyber Security News
Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack
A critical XSS vulnerability has discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly news summary keeps you up to date with what’s happening in cybersecurity, including developments, vulnerabilities, breaches, threats, and defensive strategies. Knowing about new cyber risks and attack vectors helps you put up safeguards and preventive measures as soon as possible to protect your systems. Remaining constantly aware gives you a holistic view of […]
Bleeping Computer
Why Identity Access Management is critical for Medium-Sized Businesses
Identity Access Management (IAM) solutions are recognized as an essential component to a business's overall security strategy. Learn more from Tenfold Security on how a business can benefit from an IAM solution.
.webp)
Cyber Security News
Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe
Security researchers have uncovered four zero-day vulnerabilities within OpenVPN, the world's leading VPN solution.
CyberNews
Software supply chain risks for AI and ML models
How AI and ML models can increase software supply chain risks and lead to cybersecurity incidents
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
Ars Technica
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix.
Security Affairs
Experts warn of malware campaign targeting WP-Automatic plugin
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites
SecurityWeek
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
Cyber Security News
Hackers Actively Exploiting WP Automatic Updates Plugin Vulnerability
WordPress plugins are often targeted by hackers as they have security loopholes that can be exploited by them to hack into sites without
The Hacker News
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
A critical vulnerability (CVE-2024-27956) in the WP-Automatic plugin is being actively exploited. This flaw could allow attackers to take complete con
DarkReading
Cisco Zero-Days Anchor 'ArcaneDoor' Cyber Espionage Campaign
Attacks by a previously unknown state-sponsored actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.
Bleeping Computer
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
Infosecurity News
State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities
An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally
%20(1).webp)
Cyber Security News
Forminator WordPress Plugin Flaw Exposes Over 50,000 Websites to Cyber Attacks
Cybersecurity revelation, over 50k websites using the popular WordPress plugin Forminator are at risk due to multiple vulnerabilities.
Bleeping Computer
Critical Forminator plugin flaw impacts over 300k WordPress sites
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
The Hacker News
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
Ukrainian government networks have been compromised by the OfflRouter malware since 2015. This malware is causing sensitive documents to be exposed.
Security Affairs
A renewed espionage campaign targets South Asia with iOS spyware LightSpy
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy
The Hacker News
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users
A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy.
Security Affairs
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Cyber Express
Top 10 Most Common WordPress Vulnerabilities to Look Out For in 2024
WordPress maintains its dominance as a content management system (CMS), reportedly occupying 63.3% of the entire market share. At least
HACKRead
5 Best CAPTCHA Plugins for WordPress Websites
Here's a list of 5 effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities:
The Hacker News
Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
E-commerce website owners and admins – BEWARE! Reseachers uncover a credit card skimmer hidden within a bogus Meta Pixel tracker script.
DarkReading
Cagey Phishing Attack Drops Multiple RATs to Steal Data
Various anti-detection features, including use of ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines.
Security Affairs
ScrubCrypt used to drop VenomRAT along with many malicious plugins
Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins.
The Hacker News
Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing
Cybersecurity experts uncover a sophisticated multi-stage attack! 🛡️ Malware including Venom RAT, Remcos RAT, and more deployed via invoice-themed ph
DarkReading
Solar Spider Targets Saudi Arabia Banks via New Malware
An ongoing cyberattack with ties to China uses new version of sophisticated JSOutProx Trojan, now targeting banks in the Middle East.
Cyber Security News
JsOutProx Malware Abusing GitLab To Attack Financial Institutions
GitLab is a prominent web-based Git repository manager that is exploited by hackers to gain unauthorized access to confidential source code,
Bleeping Computer
The new features coming in Windows 11 24H2, expected this fall
Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.
The Hacker News
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
Financial organizations in APAC & MENA are under attack. A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems.
Bleeping Computer
Visa warns of new JSOutProx malware variant targeting financial orgs
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.
Bleeping Computer
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
Security Affairs
The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse
Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse.
SecurityWeek
Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
The Hacker News
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
WordPress sites using LayerSlider versions 7.9.11 - 7.10.0 are vulnerable to attack. Hackers could steal sensitive data like passwords.
SC Magazine
WordPress LayerSlider plugin bug risks password hash extraction
The critical SQL injection flaw was reported through Wordfence for a record $5,500 bug bounty.
SecurityWeek
Security Flaw in WP-Members Plugin Leads to Script Injection
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
%20(1).webp)
Cyber Security News
WordPress Security : XSS Remains as the Most Vulnerability Exploited
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.
SecurityWeek
In Other News: Airline Privacy Review, SEC's SolarWinds Hack Probe, Apple MFA Bombing
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
The Cyber Express
Millions of WordPress Sites at Risk Due to Essential Addons for Elementor Vulnerability
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
CyberNews
Apple users face barrage of MFA bombing attacks
Apple users are being targeted by MFA bombing attacks, also known as push notification spam. Bad actors might be exploiting a bug in Apple’s password reset feature.
CyberNews
Thousands of ASUS routers targeted by cybercriminals
Old routers and IoT devices have been identified as key targets for six large malware campaigns. Cybersecurity experts are urging users to update their devices.
CyberNews
Facebook may have exploited user devices to spy on competitors, documents show
In 2016, Facebook launched a secret project to acquire, decrypt, transfer, and use private, encrypted in-app analytics from Snapchat, YouTube, and Amazon.
CyberSecurity Dive
Security concerns creep into generative AI adoption
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
Bleeping Computer
Windows 11 KB5035942 update enables Moment 5 features for everyone
Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues.
Latest Hacking News
Sign1 Malware Targeted Over 2500 WordPress Sites In Recent Campaign
Heads up, WordPress admins! A new malware campaign is actively preying on WordPress websites, generating popup ads. Identified as Sign1, the malware has targeted over 2500 WordPress sites in the recent wave of attacks, exhibiting
The Cyber Express
Rank Math SEO Plugin Vulnerability Exposes 2 Million WordPress Sites
A Rank Math plugin vulnerability affects over 2 million WordPress websites. The flaw, identified as a Stored Cross-Site Scripting (XSS)
CyberNews
Shopify plugins leaked data from nearly 2K stores
A vast amount of sensitive data of unsuspecting shoppers was exposed to threat actors by the e-commerce giant’s plugin developer, with millions of orders being leaked.
The Hacker News
Crafting Shields: Defending Minecraft Servers Against DDoS Attacks
Minecraft faces a growing threat from DDoS attacks, impacting over 500 million registered users. Learn how these attacks disrupt gameplay and what you
.webp)
Cyber Security News
Rank Math SEO Plugin Flaw Exposes 2M+ Websites to Cyber Attack
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
.webp)
Cyber Security News
Critical OpenVPN Flaw Let Attackers Escalate Privilege
OpenVPN has released their new version 2.6.10 in which there have been several bug fixes and improvements specifically to the Windows
Security Affairs
Security Affairs newsletter Round 464 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Sign1 malware campaign already infected 39,000 WordPress sites
A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months.
HACKRead
Thousands of WordPress Websites Hacked with New Sign1 Malware
Sign1 malware's tactics make it a significant threat as it uses time-based randomization to generate dynamic URLs, making it difficult to block.
The Hacker News
Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects
Over 39,000 WordPress sites have fallen victim to the Sign1 malware campaign in just 6 months, redirecting unsuspecting users to scam sites through ma
Bleeping Computer
KDE advises extreme caution after theme wipes Linux user's files
On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance.
Bleeping Computer
Evasive Sign1 malware campaign infects 39,000 WordPress sites
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.
The Hacker News
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
With the explosion of SaaS applications in the modern workplace, IT and security teams often struggle to keep up with vendor risk assessments.
Security Affairs
Remove WordPress miniOrange plugins, a critical flaw can allow site takeover
A critical vulnerability in WordPress miniOrange's Malware Scanner and Web Application Firewall plugins can allow site takeover.
The Hacker News
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
.webp)
Cyber Security News
Cyber Security News Weekly Round-Up : Cyber Attacks, Vulnerabilities, Threats & New Cyber Stories
With our weekly cybersecurity news summary, explore and learn about the most recent developments in the cybersecurity field.
SecurityWeek
Discontinued Security Plugins Expose Many WordPress Sites to Takeover
Thousands of WordPress sites are at risk of takeover due to a critical privilege escalation vulnerability in two closed MiniOrange plugins.
The Hacker News
Third-Party ChatGPT Plugins Could Lead to Account Takeovers
Cybersecurity experts have uncovered new vulnerabilities in #ChatGPT's third-party plugins, posing a significant risk to user data and account.
SecurityWeek
Microsoft Copilot for Security Official Launch Date Announced
Microsoft announces that its Copilot for Security generative AI security solution will become generally available on April 1.
Security Affairs
Researchers found multiple flaws in ChatGPT plugins
Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover.
SC Magazine
Akamai offers POC and Open Policy Agent to block Kubernetes bug
Vulnerability allows remote code execution with System privileges on all Windows endpoints within a Kubernetes cluster.
HACKRead
ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data
ChatGPT plugins are designed to enhance the chatbot's capabilities by enabling it to interact with external services across various domains.
CSO
Microsoft reveals general availability of Copilot for Security
Available worldwide on April 1, Microsoft Copilot for Security uses generative AI to provide incident summaries, step-by-step remediation guidance, and reverse-engineering of scripts.
SecurityWeek
ChatGPT Plugin Vulnerabilities Exposed Data, Accounts
Three types of vulnerabilities related to ChatGPT plugins could have led to data exposure and account takeovers.
Infosecurity News
New Research Exposes Security Risks in ChatGPT Plugins
Salt Security discovered GPT flaws affecting plugin installation, PluginLab and OAuth
Latest Hacking News
Popup Builder Plugin Flaw Exploited To Infect WordPress Sites
Heads up, WordPress admins! It’s time to update your WordPress websites with the latest Popup Builder plugin release. Researchers have discovered criminal hackers exploiting the Popup Builder plugin flaw to infect the target sites with
CyberNews
ChatGPT plugins prone to threat actors, says study
Plugins that allow the OpenAI chatbox to interact with other programs have vulnerabilities that could be exploited during a cyberattack.
SC Magazine
ChatGPT 0-click plugin exploit risked leak of private GitHub repos
Other flaws could leak ChatGPT conversations and third-party account details, researchers found.
HACKRead
FakeUpdates Malware Campaign Targets WordPress - Millions of Sites at Risk
According to CheckPoint, WordPress websites are under attack! FakeUpdates malware exploits vulnerabilities and injects malicious code.
The Hacker News
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
Cyber Security News
Hackers Compromised 3,300 Websites Using Plug-in Vulnerability
The code redirects users to phishing sites or injects further malware, and the campaign has already infected over 3300 websites.
SecurityWeek
Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Cyber Security News
Cyber Security News Weekly Round-Up : Vulnerabilities, Cyber Attacks, Threats & New Cyber Stories
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
The Hacker News
Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks
Over 700 WordPress sites hit by brute-force attacks using malicious JavaScript injections, leveraging innocent visitors' browsers to compromise more s
The Cyber Express
Alarm Over WordPress Zero-Day Vulnerability: Alleged Exploit Endangers 110,000 Websites
WordPress, a widely used content management system that powers millions of websites around the world, has become a source of
The Record
Tibetans targeted by China-linked supply chain attacks using malicious language translators
Tibetans are being targeted with corrupted language translation software in a cyber espionage campaign that began last September, according to researchers at cybersecurity firm ESET.
SC Magazine
JetBrains TeamCity critical flaw exploited; 1.4k servers compromised
Attackers are creating hundreds of admin accounts, with a high potential for supply chain attacks.
DarkReading
Chinese APT Developing Exploits to Defeat Patched Ivanti Users
Ivanti customers: soon, even if you've patched, you still might not be safe from relentless attacks from high-level Chinese threat actors.
Bleeping Computer
Windows 11 'Moment 5' update released, here are the new features
Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements.
The Hacker News
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
Two suspected China-linked cyber espionage clusters, UNC5325 and UNC3886, exploit Ivanti VPN flaws, deploying new malware.
Cyber Security News
LiteSpeed Cache Plugin XSS Flaw Exposes 4M+ Million Sites to Attack
A critical vulnerability has been discovered in the LiteSpeed Cache plugin, a popular WordPress plugin installed on over 4 million websites.
SecurityWeek
Chinese Cyberspies Use New Malware in Ivanti VPN Attacks
Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.
Infosecurity News
Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
Cyber Security News
Hackers Use Steganography Methods To Hide Malware In PNG File
Steganography is employed by threat actors to hide malicious payloads in benign files such as pictures or documents.
Loading more articles....