Over 600K WordPress Sites at Risk Due to Critical Plugin Vulnerability
A critical security flaw in the popular Forminator WordPress plugin has put more than 600,000 websites worldwide at risk of remote takeover, according to recent disclosures from…
Author: Cybernoz
Cybersecurity essentials for the future: From hype to what works
Cybersecurity never stands still. One week it’s AI-powered attacks, the next it’s a new data breach, regulation, or budget cut. With all that noise, it’s…
Qantas Cyberattack Exposes Data Of Up To 6M Customers
Australia’s national carrier, Qantas Airways Limited, has revealed a cybersecurity incident. The Qantas cyberattack was traced to unauthorized access through a third-party customer service platform…
Anthropic MCP Inspector Vulnerability Lets Hackers Run Arbitrary Code Remotely
A newly disclosed vulnerability in Anthropic’s Model Context Protocol (MCP) Inspector tool has sent shockwaves through the AI development community, exposing a critical attack vector…
How FinTechs are turning GRC into a strategic enabler
In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has…
Secretless Broker: Open-source tool connects apps securely without passwords or keys
Secretless Broker is an open-source connection broker that eliminates the need for client applications to manage secrets when accessing target services like databases, web services,…
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines
The notorious North Korean threat group Kimsuky has adopted a sophisticated social engineering tactic known as “ClickFix” to deceive users into executing malicious scripts on…
Scammers are tricking travelers into booking trips that don’t exist
Not long ago, travelers worried about bad weather. Now, they’re worried the rental they booked doesn’t even exist. With AI-generated photos and fake reviews, scammers…
Qantas contact centre hit by ‘significant’ cyber incident
Qantas has confirmed that a cyber incident has been contained in one of its contact centres, impacting customer data. In a statement, the company advised, “On…
New C4 Bomb Attack Bypasses Chrome’s AppBound Cookie Encryption
A critical vulnerability that allows low-privileged attackers to decrypt Chrome’s AppBound Cookie Encryption, a security feature Google introduced in July 2024 to protect user cookies…
Europol Dismantles Fraud Crypto Investment Ring That Tricked 5000+ Victims Worldwide
European law enforcement agencies have successfully dismantled a sophisticated cryptocurrency investment fraud network that laundered EUR 460 million in illicit profits from over 5,000 victims…
Recommendation for Key Management | NIST Requests Public Comment
NIST maintains its cryptography standards and guidelines using a periodic review process. Currently, NIST seeks your feedback on all aspects of these two publications: The…