WPForms bug allows Stripe refunds on millions of WordPress sites
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions.…
Category: Bleeping Computer
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Tag CVE ID CVE Title Severity GitHub CVE-2024-49063 Microsoft/Muzic Remote Code Execution Vulnerability Important Microsoft Defender for Endpoint CVE-2024-49057 Microsoft Defender for Endpoint on Android…
Windows 10 KB5048652 update fixes new motherboard activation bug
Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when…
FTC distributes $72 million in Fortnite refunds from Epic Games
The Federal Trade Commission (FTC) is distributing over $72 million in Epic Game Fortnite refunds for the company’s use of dark patterns to trick players into…
US sanctions Chinese firm for hacking firewalls in ransomware attacks
The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware…
Uncovering an advanced phishing attack
This article is written by Varonis Security Specialist Tom Barnea. Think about your most recent security awareness training concerning phishing attacks. It likely included guidelines…
New Cleo zero-day RCE flaw exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. The flaw is…
Chinese hackers use Visual Studio Code tunnels for remote access
Chinese hackers targeting large IT service providers in Southern Europe were seen abusing Visual Studio Code (VSCode) tunnels to maintain persistent remote access to compromised…
Microsoft 365 outage takes down Office web apps, admin center
Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. Since this incident started hours…
Ransomware attack hits leading heart surgery device maker
Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take…
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. OpenWrt is a…
Radiant links $50 million crypto heist to North Korean hackers
Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an…