Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative…
Month: June 2024
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to…
EU Sanctions Russia-Linked Threat Actors
The European Union has extended its sanctions against threat actors after adding six Russian and Ukrainian nationals to its restrictive measures list. These latest sanctions…
Polyfill.io JavaScript supply chain attack impacts over 100K sites
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified…
CDK Global faced second ransomware attack
CDK Global, a prominent provider of software solutions for automotive sales and services across 15,000 dealerships, recently faced significant disruptions due to alleged ransomware attacks.…
Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw
Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw Pierluigi Paganini June 25, 2024 Researchers warn that a Mirai-based botnet is exploiting a recently disclosed…
New Medusa malware variants target Android users in seven countries
The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States,…
Ransomware attacks on obsolete Android devices
Attention Android users still on versions 11 or earlier: A critical security update demands your immediate attention. Multiple hacking groups are targeting outdated Android devices…
European Commission declares Microsoft’s bundling of Teams with M365 anti-competitive
Microsoft broke European Union (EU) antitrust rules by bundling in its cloud-based communications and collaboration software Teams when users purchased its online productivity suite, Office…
How to Find XSS | HackerOne
What Is XSS? XSS, short for Cross-Site Scripting, is a common type of vulnerability in web applications that executes arbitrary JavaScript in the victim’s browser.…
Client, Employee Data At Risk?
The notorious BlackBasta ransomware group is claiming credit for carrying out cyberattacks on major multinationals in the U.S. The ransomware gang claims it has access…
Neiman Marcus confirms data breach after Snowflake account hack
Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company’s database stolen in recent Snowflake data theft attacks.…