HACKRead
Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
Security Affairs
Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
The Hacker News
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
Fake Android apps mimicking popular platforms like Google & WhatsApp are stealing user data.
DarkReading
Vast Network of Fake Web Shops Defrauds 850,000 & Counting
China-based cybercriminal group "BogusBazaar" created tens of thousands of fraudulent online stores based on expired domains to steal payment credentials.
Infosecurity News
Fake Online Stores Scam Over 850,000 Shoppers
Researchers discover 75,000+ domains hosting fraudulent e-commerce sites, in a campaign dubbed BogusBazaar
HACKRead
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Bleeping Computer
Massive webshop fraud ring steals credit cards from 850,000 people
A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders.
Security Affairs
LiteSpeed Cache WordPress plugin actively exploited in the wild
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites
Cyber Security News
Hackers Exploit Litespeed Plugin Flaw To Create Rogue Admin Accounts
WordPress plugins make WordPress more useful, but most of these have flaws that hackers may try to take advantage of to get unauthorized
The Hacker News
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
Bleeping Computer
Hackers exploit LiteSpeed Cache flaw to create WordPress admins
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
%20(1).webp)
Cyber Security News
Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack
A critical XSS vulnerability has discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly news summary keeps you up to date with what’s happening in cybersecurity, including developments, vulnerabilities, breaches, threats, and defensive strategies. Knowing about new cyber risks and attack vectors helps you put up safeguards and preventive measures as soon as possible to protect your systems. Remaining constantly aware gives you a holistic view of […]
SecurityWeek
1,400 GitLab Servers Impacted by Exploited Vulnerability
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.
The Hacker News
Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers
Researchers have uncovered a new Android malware called Wpeeper that uses compromised WordPress sites to hide its true command-and-control servers.
SecurityWeek
Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server
Chinese cybersecurity firm QAX XLab uncovered an Android trojan that hides its command-and-control server behind compromised WordPress sites.
Bleeping Computer
New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.
.webp)
Cyber Security News
Beware of New Android Trojan That Executes Malicious Commands on Your Phone
This sophisticated backdoor Trojan to infiltrate Android systems & execute a malicious commands, posing a threat to unsuspecting users.
Security Affairs
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
The Cyber Express
Hackers Exploit WP-Automatic Plugin Vulnerability, Threatening WordPress Site Security
Hackers have honed in on a critical WP-Automatic plugin vulnerability, aiming to infiltrate WordPress websites by creating unauthorized admin accounts, according
Ars Technica
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix.
SecurityWeek
Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.
Security Affairs
Experts warn of malware campaign targeting WP-Automatic plugin
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites
SecurityWeek
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
Cyber Security News
Hackers Actively Exploiting WP Automatic Updates Plugin Vulnerability
WordPress plugins are often targeted by hackers as they have security loopholes that can be exploited by them to hack into sites without
The Hacker News
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
A critical vulnerability (CVE-2024-27956) in the WP-Automatic plugin is being actively exploited. This flaw could allow attackers to take complete con
Bleeping Computer
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
.webp)
Cyber Security News
WordPress Plugin Flaw Exposes 10k+ Websites to Cyber Attacks
A critical vulnerability in the WP Datepicker WordPress plugin was identified, affecting more than 10,000 active installations.
Latest Hacking News
Multiple Vulnerabilities Found In Forminator WordPress Plugin
WordPress admins using the Forminator plugin on their websites must rush to update their sites with the latest plugin release. That’s because numerous vulnerabilities existed in the Forminator plugin that could allow triggering site crashes
%20(1).webp)
Cyber Security News
Forminator WordPress Plugin Flaw Exposes Over 50,000 Websites to Cyber Attacks
Cybersecurity revelation, over 50k websites using the popular WordPress plugin Forminator are at risk due to multiple vulnerabilities.
.webp)
Cyber Security News
WordPress Responsive theme Flaw Let Attackers Inject Malicious HTML Scripts
A vulnerability was identified in the WordPress theme, "Responsive," allowing attackers to inject arbitrary HTML content into websites.
Cyber Security News
GPT-4 Is Capable Of Exploiting 87% Of One-Day Vulnerabilities
Large language models (LLMs) have achieved superhuman performance on many benchmarks, leading to a surge of interest in LLM agents capable
Security Affairs
A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server.
Bleeping Computer
Critical Forminator plugin flaw impacts over 300k WordPress sites
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
Security Affairs
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Cyber Express
Top 10 Most Common WordPress Vulnerabilities to Look Out For in 2024
WordPress maintains its dominance as a content management system (CMS), reportedly occupying 63.3% of the entire market share. At least
HACKRead
5 Best CAPTCHA Plugins for WordPress Websites
Here's a list of 5 effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities:
The Hacker News
Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
E-commerce website owners and admins – BEWARE! Reseachers uncover a credit card skimmer hidden within a bogus Meta Pixel tracker script.
The Hacker News
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
The Record
Romania-linked ‘Rubycarp’ hackers look for cryptomining, phishing DDoS opportunities
Rubycarp has been in operation for at least a decade, and its campaigns appear to overlap with other cybercrime groups, according to researchers at Sysdig.
Bleeping Computer
RUBYCARP hackers linked to 10-year-old cryptomining botnet
A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain.
The Hacker News
10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet
RUBYCARP threat group, suspected to be of Romanian origin, has been discovered operating a botnet for crypto mining, DDoS, and phishing attacks
CSO
Sysdig digs up a ransomware gang in stealth for over a decade
The group was discovered recently through Sysdig honeypots as it attempted to exploit a Laravel vulnerability.
Bleeping Computer
Hackers deploy crypto drainers on thousands of WordPress sites
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds.
Security Affairs
Security Affairs newsletter Round 466 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.
Latest Hacking News
LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites
WordPress admins using the LayerSlider plugin on their websites must update their sites with the latest plugin release as soon as possible. The plugin developers patched a critical security vulnerability in LayerSlider that could allow
DarkReading
Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
%20(1)%20(1).webp)
Cyber Security News
Wordpress Plugin SQL Injection Flaw Exposes 1,000,000 Sites to Cyber Attack
Over a million WordPress websites put at risk due to a critical SQL Injection vulnerability discovered in the popular LayerSlider plugin.
Bleeping Computer
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
Cyber Security News
WP-Members Plugin Expose Wordpress Sites To Injection Attacks
A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts
SecurityWeek
Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
The Hacker News
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
WordPress sites using LayerSlider versions 7.9.11 - 7.10.0 are vulnerable to attack. Hackers could steal sensitive data like passwords.
SC Magazine
WordPress LayerSlider plugin bug risks password hash extraction
The critical SQL injection flaw was reported through Wordfence for a record $5,500 bug bounty.
Security Affairs
XSS flaw in WordPress WP-Members Plugin can lead to script injection
A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection.
SecurityWeek
Security Flaw in WP-Members Plugin Leads to Script Injection
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
%20(1).webp)
Cyber Security News
WordPress Security : XSS Remains as the Most Vulnerability Exploited
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
SecurityWeek
In Other News: Airline Privacy Review, SEC's SolarWinds Hack Probe, Apple MFA Bombing
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
The Cyber Express
Millions of WordPress Sites at Risk Due to Essential Addons for Elementor Vulnerability
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
The Hacker News
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
New phishing campaign uncovered by Trustwave SpiderLabs uses novel malware to deploy Agent Tesla, a notorious information stealer and keylogger.
Latest Hacking News
Sign1 Malware Targeted Over 2500 WordPress Sites In Recent Campaign
Heads up, WordPress admins! A new malware campaign is actively preying on WordPress websites, generating popup ads. Identified as Sign1, the malware has targeted over 2500 WordPress sites in the recent wave of attacks, exhibiting
The Cyber Express
Rank Math SEO Plugin Vulnerability Exposes 2 Million WordPress Sites
A Rank Math plugin vulnerability affects over 2 million WordPress websites. The flaw, identified as a Stored Cross-Site Scripting (XSS)
.webp)
Cyber Security News
Rank Math SEO Plugin Flaw Exposes 2M+ Websites to Cyber Attack
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
Security Affairs
Security Affairs newsletter Round 464 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Sign1 malware campaign already infected 39,000 WordPress sites
A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months.
HACKRead
Thousands of WordPress Websites Hacked with New Sign1 Malware
Sign1 malware's tactics make it a significant threat as it uses time-based randomization to generate dynamic URLs, making it difficult to block.
SecurityWeek
39,000 Websites Infected in 'Sign1' Malware Campaign
Over 39,000 websites have been infected in the past months with the Sign1 malware that redirects visitors to scam domains.
The Hacker News
Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects
Over 39,000 WordPress sites have fallen victim to the Sign1 malware campaign in just 6 months, redirecting unsuspecting users to scam sites through ma
Bleeping Computer
Evasive Sign1 malware campaign infects 39,000 WordPress sites
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.
DarkReading
Hackers Posing as Law Firms Phish Global Orgs
Companies trust lawyers with the most sensitive information they've got. Attackers are aiming to exploit that bond to deliver malware.
HACKRead
Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted
From dark web to ransomware gangs, new tools and tactics are aiding cyber criminals in targeting E-commerce and Aviation Industries.
Security Affairs
Remove WordPress miniOrange plugins, a critical flaw can allow site takeover
A critical vulnerability in WordPress miniOrange's Malware Scanner and Web Application Firewall plugins can allow site takeover.
The Hacker News
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
Security Affairs
Security Affairs newsletter Round 463 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
Discontinued Security Plugins Expose Many WordPress Sites to Takeover
Thousands of WordPress sites are at risk of takeover due to a critical privilege escalation vulnerability in two closed MiniOrange plugins.
Latest Hacking News
Popup Builder Plugin Flaw Exploited To Infect WordPress Sites
Heads up, WordPress admins! It’s time to update your WordPress websites with the latest Popup Builder plugin release. Researchers have discovered criminal hackers exploiting the Popup Builder plugin flaw to infect the target sites with
HACKRead
FakeUpdates Malware Campaign Targets WordPress - Millions of Sites at Risk
According to CheckPoint, WordPress websites are under attack! FakeUpdates malware exploits vulnerabilities and injects malicious code.
Infosecurity News
New Cloud Attack Targets Crypto CDN Meson Ahead of Launch
Sysdig said the rise of the Meson Network in blockchain signals a new frontier for attackers
The Hacker News
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
Cyber Security News
Hackers Compromised 3,300 Websites Using Plug-in Vulnerability
The code redirects users to phishing sites or injects further malware, and the campaign has already infected over 3300 websites.
SecurityWeek
Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Latest Hacking News
WordPress Sites Exploited To Brute-Force Passwords Via Users’ Browsers
According to a recent post from Sucuri, their website scanner detected an active distributed brute-force attack exploiting WordPress sites to steal other sites' passwords. The attackers inject malicious scripts into the target websites, which execute
Security Affairs
Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
Threat actors are hacking WordPress sites by exploiting a flaw, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin
Bleeping Computer
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
Cyber Security News
Cyber Security News Weekly Round-Up : Vulnerabilities, Cyber Attacks, Threats & New Cyber Stories
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
Ars Technica
Attack wrangles thousands of web users into a password-cracking botnet
Ongoing attack is targeting thousands of sites, continues to grow.
The Hacker News
Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks
Over 700 WordPress sites hit by brute-force attacks using malicious JavaScript injections, leveraging innocent visitors' browsers to compromise more s
The Cyber Express
Alarm Over WordPress Zero-Day Vulnerability: Alleged Exploit Endangers 110,000 Websites
WordPress, a widely used content management system that powers millions of websites around the world, has become a source of
The DFIR Report
Threat Brief: WordPress Exploit Leads to Godzilla Web Shell, Discovery & New CVE - The DFIR Report
Below is a recent Threat Brief that we shared with our customers. Each year, we produce over 50 detailed Threat Briefs, which follow a format similar to the below. Typically, … Read More
Security Affairs
Security Affairs newsletter Round 461 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian...
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices.
Bleeping Computer
Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices.
Cyber Security News
LiteSpeed Cache Plugin XSS Flaw Exposes 4M+ Million Sites to Attack
A critical vulnerability has been discovered in the LiteSpeed Cache plugin, a popular WordPress plugin installed on over 4 million websites.
Infosecurity News
Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
Security Affairs
XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk
Researchers warn of an XSS vulnerability, tracked as CVE-2023-40000, in the LiteSpeed Cache plugin for WordPress
The Hacker News
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A critical flaw in LiteSpeed Cache for WordPress allows unauthenticated privilege escalation. Over 5M sites at risk
The Hacker News
WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites
A critical security flaw (CVE-2024-1071) in the WordPress plugin Ultimate Member has been disclosed, affecting over 200,000 active installations.
SecurityWeek
Critical Flaw in Popular 'Ultimate Member' WordPress Plugin
The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin.
Loading more articles....