SecurityWeek
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver
SAP has released 14 new and three updated security notes on its May 2024 Security Patch Day, including for critical vulnerabilities.
Bleeping Computer
A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023.
Krebs on Security
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy,…
Cyber Security News
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
HACKRead
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Security Affairs
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites
The Hacker News
The cloud promises agility, but opens a Pandora's box of cyber risks if not secured properly. Understand your responsibility under the shared responsi
The Hacker News
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
Cyber Security News
A critical XSS vulnerability has been discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5m websites at risk.
Cyber Security News
Two vulnerabilities have been identified in pgAdmin of PostgreSQL which were associated with Cross-Site Scripting and Multi-Factor
Cyber Security News
Critical vulnerabilities in MailCleaner versions before 2023.03.14 allow attackers to take control of appliances through malicious emails
Cyber Security News
A new vulnerability has been discovered in Telegram which allows a threat actor to hijack a Telegram user session via XSS
Cyber Security News
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
HACKRead
It is essential to be knowledgeable about security fundamentals and stay up-to-date with emerging technologies and methodologies.
Cyber Security News
A significant vulnerability was detected in IBM QRadar Suite Software and Cloud Pak for Security that allows attackers to execute arbitrary
Latest Hacking News
WordPress admins using the Forminator plugin on their websites must rush to update their sites with the latest plugin release. That’s because numerous vulnerabilities existed in the Forminator plugin that could allow triggering site crashes
CyberNews
Large language models (LLMs) such as GPT-4 can exploit one-day vulnerabilities, researchers find.
Cyber Security News
Cybersecurity revelation, over 50k websites using the popular WordPress plugin Forminator are at risk due to multiple vulnerabilities.
Cyber Security News
A 220% increase in vulnerabilities impacting AI systems has been discovered since the initial disclosures of 15 vulnerabilities in November
Cyber Security News
Large language models (LLMs) have achieved superhuman performance on many benchmarks, leading to a surge of interest in LLM agents capable
Bleeping Computer
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
Cyber Security News
The Juniper Networks-owned Junos OS has been discovered with multiple vulnerabilities that are associated with Denial of Service (DoS),
Cyber Security News
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
The Cyber Express
WordPress maintains its dominance as a content management system (CMS), reportedly occupying 63.3% of the entire market share. At least
Bleeping Computer
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts.
The Cyber Express
Microsoft has released the latest Patch Tuesday update, addressing a large number of vulnerabilities across various products and services. The
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw
SecurityWeek
Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers.
DarkReading
Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention.
Cyber Security News
A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts
The Hacker News
WordPress sites using LayerSlider versions 7.9.11 - 7.10.0 are vulnerable to attack. Hackers could steal sensitive data like passwords.
Trend Micro
Our new article provides key highlights and takeaways from Operation Cronos' disruption of LockBit's operations, as well as telemetry details on how LockBit actors operated post-disruption.
Security Affairs
A cross-site scripting vulnerability (XSS) in the WordPress WP-Members Membership plugin can lead to malicious script injection.
SecurityWeek
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
Cyber Security News
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
SecurityWeek
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
Cyber Security News
GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks.
SecurityWeek
JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities.
Cyber Security News
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and CVE-2024-0083) that could allow
The Cyber Express
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
Bleeping Computer
Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next.
The Cyber Express
A Rank Math plugin vulnerability affects over 2 million WordPress websites. The flaw, identified as a Stored Cross-Site Scripting (XSS)
Cyber Security News
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
Cyber Security News
Security researcher Henry N. Caga has identified a significant cross-site scripting (XSS) vulnerability within a Google sub-domain.
The Hacker News
A now-patched vulnerability in AWS Managed Workflows for Apache Airflow (MWAA) could have allowed attackers to hijack sessions & execute code remotely
SecurityWeek
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.
HACKRead
In today's interconnected world, where our lives revolve around the internet, it's imperative to understand the importance of browser security.
SC Magazine
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
HACKRead
Ukraine's cyber police has arrested three hackers accused of hacking and selling 100 million email and Instagram accounts on the dark web.
Cyber Security News
Hackers use stealers to gather sensitive information, for example login credentials, financial data or personal details, from victims’ devices.
HACKRead
From dark web to ransomware gangs, new tools and tactics are aiding cyber criminals in targeting E-commerce and Aviation Industries.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Cybersecurity experts have uncovered new vulnerabilities in #ChatGPT's third-party plugins, posing a significant risk to user data and account.
Cyber Security News
A new tool has surfaced on the Dark Web, signaling a shift in the methods used by cybercriminals to gain unauthorized remote access.
Latest Hacking News
Heads up, WordPress admins! It’s time to update your WordPress websites with the latest Popup Builder plugin release. Researchers have discovered criminal hackers exploiting the Popup Builder plugin flaw to infect the target sites with
Cyber Security News
Multiple Adobe Enterprise products such as Adobe Experience, Premier Pro, ColdFusion, Bridge, Lightroom and Animate have been discovered with
Cyber Security News
Apart from ChatGPT and Gemini AI which are the most popular Artificial Intelligence systems available to the public, there are several other
The Hacker News
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
Cyber Security News
At Google's LLM bugSWAT event in Las Vegas, researchers uncovered and reported bugs in the company's Bard AI and received a $50k reward.
Cyber Security News
The code redirects users to phishing sites or injects further malware, and the campaign has already infected over 3300 websites.
SecurityWeek
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Security Affairs
Threat actors are hacking WordPress sites by exploiting a flaw, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin
Bleeping Computer
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
DarkReading
Ransomware cybercrime gangs GhostSec and Stormous have teamed up in widespread double-extortion attacks.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Welcome to the Cyber Security News Recap, a weekly newsletter. We strive to provide you with the most current information regarding advancements in cybersecurity.
Cyber Security News
A critical vulnerability has been discovered in the LiteSpeed Cache plugin, a popular WordPress plugin installed on over 4 million websites.
The Hacker News
Discover how sophisticated hackers are targeting Mexico with TimbreStealer, a new malware on the block.
Infosecurity News
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
Security Affairs
Researchers warn of an XSS vulnerability, tracked as CVE-2023-40000, in the LiteSpeed Cache plugin for WordPress
The Hacker News
A critical flaw in LiteSpeed Cache for WordPress allows unauthenticated privilege escalation. Over 5M sites at risk
The Hacker News
Over 10 million secrets were exposed in public GitHub commits last year alone. Are your secrets safe? Learn how to protect your data in the age of AI.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
In a dramatic turn of events, LockBitSupp, a key figure in the notorious LockBit ransomware operation, is reportedly cooperating with law enforcement.
Krebs on Security
The FBI's takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish…
Latest Hacking News
Joomla users must ensure that they receive the latest update as the platform fixes numerous security vulnerabilities. One of these includes a severe code execution vulnerability. Joomla Fixes Numerous Security Vulnerabilities According to a recent advisory, Joomla
SecurityWeek
Spyware vendor Varonis is shutting down, Crowdstrike tracks 232 threat actors, Meta and Freenom reach settlement.
Security Affairs
Joomla maintainers have addressed multiple flaws in the popular content management system (CMS) that can lead to arbitrary code execution
Trend Micro
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
Bleeping Computer
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
The Hacker News
VMware has identified a critical security flaw in its Enhanced Authentication Plugin (EAP), urging users to uninstall it.
DarkReading
Improper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726.
Ars Technica
Authorities who took down the ransomware group brag about their epic hack.
Bleeping Computer
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation.
Infosecurity News
What businesses should know about Operation Cronos and LockBit, one of the largest ransomware takedowns in history
Bleeping Computer
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.
Cyber Security News
The Russia-based threat group TAG-70 has been discovered to be exploiting Roundcube webmail servers with a recently disclosed Cross-Site Scripting vulnerability CVE-2023-5631.
Krebs on Security
U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware…
HACKRead
A group of Russian hackers going by the handle of TAG-70 has targeted mail servers in Ukraine, Georgia, and Poland, aiming to collect intelligence.
Security Affairs
An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 orgs
SecurityWeek
Russian cyberespionage group targets European government, military, and critical infrastructure entities via Roundcube vulnerabilities.
CyberNews
Researchers are warning about a new cyber-espionage campaign against Roundcube webmail servers in Europe.
CSO
The threat actor exploits an XSS flaw in Roundcube webmail servers to target critical government infrastructure.
The Hacker News
A new cyberespionage campaign has targeted over 80 organizations in Europe, exploiting vulnerabilities in Roundcube webmail servers.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
DarkReading
TAG-70's sophisticated espionage campaign targeted a range of geopolitical targets, suggesting a highly capable and well-funded state-backed threat actor.
The Record
A Russia-linked hacking group is exploiting a known bug in a popular webmail server to spy on government and military agencies in Europe, as well as Iranian embassies in Russia, according to a new report.