HACKRead
Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
The Hacker News
Fake Android apps mimicking popular platforms like Google & WhatsApp are stealing user data.
DarkReading
China-based cybercriminal group "BogusBazaar" created tens of thousands of fraudulent online stores based on expired domains to steal payment credentials.
Infosecurity News
Researchers discover 75,000+ domains hosting fraudulent e-commerce sites, in a campaign dubbed BogusBazaar
HACKRead
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Bleeping Computer
A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders.
Security Affairs
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites
Cyber Security News
WordPress plugins make WordPress more useful, but most of these have flaws that hackers may try to take advantage of to get unauthorized
The Hacker News
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
Bleeping Computer
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
Cyber Security News
A critical XSS vulnerability has been discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.
Cyber Security News
The weekly news summary keeps you up to date with what’s happening in cybersecurity, including developments, vulnerabilities, breaches, threats, and defensive strategies. Knowing about new cyber risks and attack vectors helps you put up safeguards and preventive measures as soon as possible to protect your systems. Remaining constantly aware gives you a holistic view of […]
SecurityWeek
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.
The Hacker News
Researchers have uncovered a new Android malware called Wpeeper that uses compromised WordPress sites to hide its true command-and-control servers.
SecurityWeek
Chinese cybersecurity firm QAX XLab uncovered an Android trojan that hides its command-and-control server behind compromised WordPress sites.
Bleeping Computer
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.
Cyber Security News
This sophisticated backdoor Trojan infiltrates Android systems and executes malicious commands, posing a threat to unsuspecting users.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
The Cyber Express
Hackers have honed in on a critical WP-Automatic plugin vulnerability, aiming to infiltrate WordPress websites by creating unauthorized admin accounts, according
Ars Technica
WP Automatic plugin patched, but release notes don't mention the critical fix.
SecurityWeek
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.
Security Affairs
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites
SecurityWeek
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
Cyber Security News
WordPress plugins are often targeted by hackers as they have security loopholes that can be exploited by them to hack into sites without
The Hacker News
A critical vulnerability (CVE-2024-27956) in the WP-Automatic plugin is being actively exploited. This flaw could allow attackers to take complete con
Bleeping Computer
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
Cyber Security News
A critical vulnerability in the WP Datepicker WordPress plugin was identified, affecting more than 10,000 active installations.
Latest Hacking News
WordPress admins using the Forminator plugin on their websites must rush to update their sites with the latest plugin release. That’s because numerous vulnerabilities existed in the Forminator plugin that could allow triggering site crashes
Cyber Security News
Cybersecurity revelation, over 50k websites using the popular WordPress plugin Forminator are at risk due to multiple vulnerabilities.
Cyber Security News
A vulnerability was identified in the WordPress theme, "Responsive," allowing attackers to inject arbitrary HTML content into websites.
Cyber Security News
Large language models (LLMs) have achieved superhuman performance on many benchmarks, leading to a surge of interest in LLM agents capable
Security Affairs
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server.
Bleeping Computer
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Cyber Express
WordPress maintains its dominance as a content management system (CMS), reportedly occupying 63.3% of the entire market share. At least
HACKRead
Here's a list of 5 effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities:
The Hacker News
E-commerce website owners and admins – BEWARE! Researchers uncover a credit card skimmer hidden within a bogus Meta Pixel tracker script.
The Hacker News
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
The Record
Rubycarp has been in operation for at least a decade, and its campaigns appear to overlap with other cybercrime groups, according to researchers at Sysdig.
Bleeping Computer
A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain.
The Hacker News
RUBYCARP threat group, suspected to be of Romanian origin, has been discovered operating a botnet for crypto mining, DDoS, and phishing attacks
CSO
The group was discovered recently through Sysdig honeypots as it attempted to exploit a Laravel vulnerability.
Bleeping Computer
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.
Latest Hacking News
WordPress admins using the LayerSlider plugin on their websites must update their sites with the latest plugin release as soon as possible. The plugin developers patched a critical security vulnerability in LayerSlider that could allow
DarkReading
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
Cyber Security News
Over a million WordPress websites put at risk due to a critical SQL Injection vulnerability discovered in the popular LayerSlider plugin.
Bleeping Computer
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
Cyber Security News
A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts
SecurityWeek
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
The Hacker News
WordPress sites using LayerSlider versions 7.9.11 - 7.10.0 are vulnerable to attack. Hackers could steal sensitive data like passwords.
SC Magazine
The critical SQL injection flaw was reported through Wordfence for a record $5,500 bug bounty.
Security Affairs
A cross-site scripting vulnerability (XSS) in the WordPress WP-Members Membership plugin can lead to malicious script injection.
SecurityWeek
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
Cyber Security News
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
SecurityWeek
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
The Cyber Express
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
The Hacker News
New phishing campaign uncovered by Trustwave SpiderLabs uses novel malware to deploy Agent Tesla, a notorious information stealer and keylogger.
Latest Hacking News
Heads up, WordPress admins! A new malware campaign is actively preying on WordPress websites, generating popup ads. Identified as Sign1, the malware has targeted over 2500 WordPress sites in the recent wave of attacks, exhibiting
The Cyber Express
A Rank Math plugin vulnerability affects over 2 million WordPress websites. The flaw, identified as a Stored Cross-Site Scripting (XSS)
Cyber Security News
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months.
HACKRead
Sign1 malware's tactics make it a significant threat as it uses time-based randomization to generate dynamic URLs, making it difficult to block.
SecurityWeek
Over 39,000 websites have been infected in the past months with the Sign1 malware that redirects visitors to scam domains.
The Hacker News
Over 39,000 WordPress sites have fallen victim to the Sign1 malware campaign in just 6 months, redirecting unsuspecting users to scam sites through ma
Bleeping Computer
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.
DarkReading
Companies trust lawyers with the most sensitive information they've got. Attackers are aiming to exploit that bond to deliver malware.
HACKRead
From dark web to ransomware gangs, new tools and tactics are aiding cyber criminals in targeting E-commerce and Aviation Industries.
Security Affairs
A critical vulnerability in WordPress miniOrange's Malware Scanner and Web Application Firewall plugins can allow site takeover.
The Hacker News
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
Thousands of WordPress sites are at risk of takeover due to a critical privilege escalation vulnerability in two closed MiniOrange plugins.
Latest Hacking News
Heads up, WordPress admins! It’s time to update your WordPress websites with the latest Popup Builder plugin release. Researchers have discovered criminal hackers exploiting the Popup Builder plugin flaw to infect the target sites with
HACKRead
According to CheckPoint, WordPress websites are under attack! FakeUpdates malware exploits vulnerabilities and injects malicious code.
Infosecurity News
Sysdig said the rise of the Meson Network in blockchain signals a new frontier for attackers
The Hacker News
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
Cyber Security News
The code redirects users to phishing sites or injects further malware, and the campaign has already infected over 3300 websites.
SecurityWeek
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Latest Hacking News
According to a recent post from Sucuri, their website scanner detected an active distributed brute-force attack exploiting WordPress sites to steal other sites' passwords. The attackers inject malicious scripts into the target websites, which execute
Security Affairs
Threat actors are hacking WordPress sites by exploiting a flaw, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin
Bleeping Computer
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
Cyber Security News
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
Ars Technica
Ongoing attack is targeting thousands of sites, continues to grow.
The Hacker News
Over 700 WordPress sites hit by brute-force attacks using malicious JavaScript injections, leveraging innocent visitors' browsers to compromise more s
The Cyber Express
WordPress, a widely used content management system that powers millions of websites around the world, has become a source of
The DFIR Report
Below is a recent Threat Brief that we shared with our customers. Each year, we produce over 50 detailed Threat Briefs, which follow a format similar to the below. Typically, …
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices.
Cyber Security News
A critical vulnerability has been discovered in the LiteSpeed Cache plugin, a popular WordPress plugin installed on over 4 million websites.
Infosecurity News
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
Security Affairs
Researchers warn of an XSS vulnerability, tracked as CVE-2023-40000, in the LiteSpeed Cache plugin for WordPress
The Hacker News
A critical flaw in LiteSpeed Cache for WordPress allows unauthenticated privilege escalation. Over 5M sites at risk
The Hacker News
A critical security flaw (CVE-2024-1071) in the WordPress plugin Ultimate Member has been disclosed, affecting over 200,000 active installations.
SecurityWeek
The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin.