SecurityWeek
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver
SAP has released 14 new and three updated security notes on its May 2024 Security Patch Day, including for critical vulnerabilities.
Bleeping Computer
INC ransomware source code selling on hacking forums for $300,000
A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023.
Krebs on Security
How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy,…
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
HACKRead
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Security Affairs
LiteSpeed Cache WordPress plugin actively exploited in the wild
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites
The Hacker News
The Fundamentals of Cloud Security Stress Testing
The cloud promises agility, but opens a Pandora's box of cyber risks if not secured properly. Understand your responsibility under the shared responsi
The Hacker News
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
%20(1).webp)
Cyber Security News
Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack
A critical XSS vulnerability has discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.
%20(1).webp)
Cyber Security News
PostgreSQL Security Flaws Let Attackers Execute Code
Two vulnerabilities have been identified in pgAdmin of PostgreSQL which were associated with Cross-Site Scripting and Multi-Factor
%20(1).webp)
Cyber Security News
Critical MailCleaner Vulnerabilities Let Attackers Execute arbitrary command
Critical vulnerabilities in MailCleaner versions before 2023.03.14 allow attackers to take control of appliances through malicious emails
Cyber Security News
Telegram Web App Vulnerability Let Attackers Hijack Sessions
A new vulnerability has been discovered in Telegram which allows a threat actor to hijack a Telegram user session via XSS
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
HACKRead
Ensuring the Security and Efficiency of Web Applications and Systems
It is essential to be knowledgeable about security fundamentals and stay up-to-date with emerging technologies and methodologies.
Cyber Security News
IBM QRadar XSS Flaw Let Attackers Arbitrary JavaScript Code
A significant vulnerability was detected in IBM QRadar Suite Software and Cloud Pak for Security that allows attackers to execute arbitrary
Latest Hacking News
Multiple Vulnerabilities Found In Forminator WordPress Plugin
WordPress admins using the Forminator plugin on their websites must rush to update their sites with the latest plugin release. That’s because numerous vulnerabilities existed in the Forminator plugin that could allow triggering site crashes
CyberNews
GPT-4 can autonomously exploit vulnerabilities
Large language models (LLMs) such as GPT-4 can exploit one-day vulnerabilities, researchers find.
%20(1).webp)
Cyber Security News
Forminator WordPress Plugin Flaw Exposes Over 50,000 Websites to Cyber Attacks
Cybersecurity revelation, over 50k websites using the popular WordPress plugin Forminator are at risk due to multiple vulnerabilities.
Cyber Security News
48 Vulnerabilities Uncovered In AI systems : Surge By 220%
A 220% increase in vulnerabilities impacting AI systems has been discovered since the initial disclosures of 15 vulnerabilities in November
Cyber Security News
GPT-4 Is Capable Of Exploiting 87% Of One-Day Vulnerabilities
Large language models (LLMs) have achieved superhuman performance on many benchmarks, leading to a surge of interest in LLM agents capable
Bleeping Computer
Critical Forminator plugin flaw impacts over 300k WordPress sites
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
Cyber Security News
Multiple Juniper Networks Flaw Let Attackers Delete Files
The Juniper networks owned Junos OS has been discovered with multiple vulnerabilities that are associated with Denial of Service (DoS),
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
The Cyber Express
Top 10 Most Common WordPress Vulnerabilities to Look Out For in 2024
WordPress maintains its dominance as a content management system (CMS), reportedly occupying 63.3% of the entire market share. At least
Bleeping Computer
Telegram fixes Windows app zero-day used to launch Python scripts
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts.
Bleeping Computer
Telegram fixes Windows app zero-day caused by file extension typo
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts.
The Cyber Express
Microsoft Patch Tuesday 2024 Update Fixes 147 New Vulnerabilities
Microsoft has released the latest Patch Tuesday update, addressing a large number of vulnerabilities across various products and services. The
Security Affairs
Security Affairs newsletter Round 466 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Cisco warns of XSS flaw in end-of-life small business routers
Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw
SecurityWeek
Cisco Warns of Vulnerability in Discontinued Small Business Routers
Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers.
DarkReading
LockBit Ransomware Takedown Strikes Deep Into Brand's Viability
Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention.
Cyber Security News
WP-Members Plugin Expose Wordpress Sites To Injection Attacks
A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts
The Hacker News
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
WordPress sites using LayerSlider versions 7.9.11 - 7.10.0 are vulnerable to attack. Hackers could steal sensitive data like passwords.
Trend Micro
Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption
Our new article provides key highlights and takeaways from Operation Cronos' disruption of LockBit's operations, as well as telemetry details on how LockBit actors operated post-disruption.
Security Affairs
XSS flaw in WordPress WP-Members Plugin can lead to script injection
A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection.
SecurityWeek
Security Flaw in WP-Members Plugin Leads to Script Injection
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
%20(1).webp)
Cyber Security News
WordPress Security : XSS Remains as the Most Vulnerability Exploited
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
SecurityWeek
In Other News: Airline Privacy Review, SEC's SolarWinds Hack Probe, Apple MFA Bombing
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
.webp)
Cyber Security News
GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now
GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks.
SecurityWeek
26 Security Issues Patched in TeamCity
JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities.
Cyber Security News
NVIDIA ChatRTX For Windows App Vulnerability Let Attackers Escalate Privilege
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and CVE-2024-0083) that could allow
The Cyber Express
Millions of WordPress Sites at Risk Due to Essential Addons for Elementor Vulnerability
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
Bleeping Computer
Ransomware as a Service and the Strange Economics of the Dark Web
Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next.
The Cyber Express
Rank Math SEO Plugin Vulnerability Exposes 2 Million WordPress Sites
A Rank Math plugin vulnerability affects over 2 million WordPress websites. The flaw, identified as a Stored Cross-Site Scripting (XSS)
.webp)
Cyber Security News
Rank Math SEO Plugin Flaw Exposes 2M+ Websites to Cyber Attack
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
Cyber Security News
XSS Vulnerability in Google Subdomain Let Hackers Hijacks the User Sessions
Security researcher Henry N. Caga has identified a significant cross-site scripting (XSS) vulnerability within a Google sub-domain.
The Hacker News
AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking
A now-patched vulnerability in AWS Managed Workflows for Apache Airflow (MWAA) could have allowed attackers to hijack sessions & execute code remotely
SecurityWeek
Vulnerability Allowed One-Click Takeover of AWS Service Accounts
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.
HACKRead
Why Browser Security Matters More Than You Think
In today's interconnected world, where our lives revolve around the internet, it's imperative to understand the importance of browser security.
SC Magazine
AWS fixes 1-click account takeover flaw exposing cloud services to XSS risk
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
SC Magazine
AWS fixes 1-click Apache Airflow session hijack flaw
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
HACKRead
Ukraine Arrests Hackers for Selling 100 Million Email, Instagram Accounts
Ukraine's cyber police has arrested three hackers accused of hacking and selling 100 million email and Instagram accounts on the dark web.
Cyber Security News
Hackers Advertising GlorySprout Stealer On Popular Hacking Forums
Hackers use stealers to gather sensitive information for example login credentials, financial data or personal details from victims’ devices.
HACKRead
Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted
From dark web to ransomware gangs, new tools and tactics are aiding cyber criminals in targeting E-commerce and Aviation Industries.
Security Affairs
Security Affairs newsletter Round 463 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Third-Party ChatGPT Plugins Could Lead to Account Takeovers
Cybersecurity experts have uncovered new vulnerabilities in #ChatGPT's third-party plugins, posing a significant risk to user data and account.
.webp)
Cyber Security News
Hackers Use TMChecker Remote Access Tool to Attack Popular VPN & Mail Servers
A new tool has surfaced on the Dark Web, signaling a shift in the methods used by cybercriminals to gain unauthorized remote access.
Latest Hacking News
Popup Builder Plugin Flaw Exploited To Infect WordPress Sites
Heads up, WordPress admins! It’s time to update your WordPress websites with the latest Popup Builder plugin release. Researchers have discovered criminal hackers exploiting the Popup Builder plugin flaw to infect the target sites with
.webp)
Cyber Security News
Multiple Adobe Enterprise products Vulnerable To Code Execution
Multiple Adobe Enterprise products such as Adobe Experience, Premier Pro, ColdFusion, Bridge, Lightroom and Animate have been discovered with
Cyber Security News
ChatGPT-Next-Web SSRF Flaw Let Attackers Gain Unauthorized Access
Apart from ChatGPT and Gemini AI which are the most popular Artificial Intelligence systems available to the public, there are several other
The Hacker News
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
%20(1).webp)
Cyber Security News
Researchers Hacked Google A.I: Earned $50,000 Bounty
At Google's LLM bugSWAT event in Las Vegas, researchers uncovered and reported bugs in the company's Bard AI and received a $50k reward.
Cyber Security News
Hackers Compromised 3,300 Websites Using Plug-in Vulnerability
The code redirects users to phishing sites or injects further malware, and the campaign has already infected over 3300 websites.
SecurityWeek
Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Security Affairs
Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
Threat actors are hacking WordPress sites by exploiting a flaw, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin
Bleeping Computer
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
DarkReading
GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia
Ransomware cybercrime gangs GhostSec and Stormous have teamed up in widespread double-extortion attacks.
Security Affairs
Security Affairs newsletter Round 461 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Weekly Cyber Security News Letter & Threats Roundup - Top 25 Cyber Incidents
Welcome to the Cyber Security News Recap, a weekly newsletter. We strive to provide you with the most current information regarding advancements in cybersecurity.
Cyber Security News
LiteSpeed Cache Plugin XSS Flaw Exposes 4M+ Million Sites to Attack
A critical vulnerability has been discovered in the LiteSpeed Cache plugin, a popular WordPress plugin installed on over 4 million websites.
The Hacker News
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users
Discover how sophisticated hackers are targeting Mexico with TimbreStealer, a new malware on the block.
Infosecurity News
Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
Security Affairs
XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk
Researchers warn of an XSS vulnerability, tracked as CVE-2023-40000, in the LiteSpeed Cache plugin for WordPress
The Hacker News
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A critical flaw in LiteSpeed Cache for WordPress allows unauthenticated privilege escalation. Over 5M sites at risk
The Hacker News
Three Tips to Protect Your Secrets from AI Accidents
Over 10 million secrets were exposed in public GitHub commits last year alone. Are your secrets safe? Learn how to protect your data in the age of AI.
Security Affairs
Security Affairs newsletter Round 460 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement
In a dramatic turn of events, LockBitSupp, a key figure in the notorious LockBit ransomware operation, is reportedly cooperating with law enforcement.
Krebs on Security
FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.
The FBI's takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish…
Latest Hacking News
Recent Joomla Update Brings Multiple Security Fixes
Joomla users must ensure that they receive the latest update as the platform fixes numerous security vulnerabilities. One of these includes a severe code execution vulnerability. Joomla Fixes Numerous Security Vulnerabilities According to a recent advisory, Joomla
SecurityWeek
In Other News: Spyware Vendor Shutdown, Freenom-Meta Settlement, 232 Threat Groups
Spyware vendor Varonis is shutting down, Crowdstrike tracks 232 threat actors, Meta and Freenom reach settlement.
Security Affairs
Multiple XSS flaws in Joomla can lead to remote code execution
Joomla maintainers have addressed multiple flaws in the popular content management system (CMS) that can lead to execute arbitrary code
Trend Micro
LockBit Attempts to Stay Afloat with a New Version
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
Bleeping Computer
Joomla fixes XSS flaws that could expose sites to RCE attacks
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
The Hacker News
VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk
VMware has identified a critical security flaw in its Enhanced Authentication Plugin (EAP), urging users to uninstall it.
DarkReading
Joomla XSS Bugs Open Millions of Websites to RCE
Improper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726.
Ars Technica
After years of losing, it’s finally feds’ turn to troll ransomware group
Authorities who took down the ransomware group brag about their epic hack.
Bleeping Computer
Knight ransomware source code for sale after leak site shuts down
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation.
Infosecurity News
LockBit Ransomware Takedown: What You Need to Know about Operation Cro
What businesses should know about Operation Cronos and LockBit, one of the largest ransomware takedowns in history
Bleeping Computer
Ransomware Groups, Targeting Preferences, and the Access Economy
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.
Cyber Security News
Russian Hackers Breached 80+ Organizations Using Roundcube XSS Flaw
The Russia-based threat group TAG-70 has been discovered to be exploiting Roundcube webmail servers with a recently disclosed Cross-Site Scripting vulnerability CVE-2023-5631.
Krebs on Security
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware…
HACKRead
Russian Hackers Hit Mail Servers in Europe for Political and Military Intel
A group of Russian hackers going by the handle of TAG-70 has targeted mail servers in Ukraine, Georgia, and Poland, aiming to collect intelligence.
Security Affairs
Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS
An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 orgs
SecurityWeek
Russian Cyberspies Exploit Roundcube Flaws Against European Governments
Russian cyberespionage group targets European government, military, and critical infrastructure entities via Roundcube vulnerabilities.
CyberNews
New Russian cyber-espionage campaign targeting Europe’s webmail servers
Researchers are warning about a new cyber-espionage campaign against Roundcube webmail servers in Europe.
CSO
Russian hackers target vulnerable webmail servers in Europe for espionage
The threat actor exploits an XSS flaw in Roundcube webmail servers to target critical government infrastructure.
The Hacker News
Russian-Linked Hackers Breach 80+ Organizations via Roundcube Flaws
A new cyberespionage campaign has targeted over 80 organizations in Europe, exploiting vulnerabilities in Roundcube webmail servers.
Security Affairs
Security Affairs newsletter Round 459 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
DarkReading
Russian APT 'Winter Vivern' Targets European Governments, Military
TAG-70's sophisticated espionage campaign targeted a range of geopolitical targets, suggesting a highly capable and well-funded state-backed threat actor.
The Record
Russia-aligned hackers target European and Iranian embassies in new espionage campaign
A Russia-linked hacking group is exploiting a known bug in a popular webmail server to spy on government and military agencies in Europe, as well as Iranian embassies in Russia, according to a new report.
Loading more articles....