WordPress migration add-on flaw could lead to data breaches
All-in-One WP Migration, a popular data migration plugin for WordPress sites with 5 million active installations, suffers from unauthenticated access token manipulation that could allow…
Category: Bleeping Computer
VMware Aria vulnerable to critical SSH authentication bypass flaw
VMware Aria Operations for Networks (formerly vRealize Network Insight) is vulnerable to a critical severity authentication bypass flaw that could allow remote attackers to bypass…
Hacking campaign bruteforces Cisco VPNs to breach networks
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such…
Trojanized Signal and Telegram apps on Google Play delivered spyware
Image: Midjourney Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking…
DreamBus malware exploits RocketMQ flaw to infect servers
Image: Midjourney A new version of the DreamBus botnet malware exploits a critical-severity remote code execution vulnerability in RocketMQ servers to infect devices. The exploited…
How the FBI nuked Qakbot malware from infected Windows PCs
The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized infrastructure but also uninstalled the…
New Android MMRat malware uses Protobuf protocol to steal your data
A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices. MMRat was spotted…
Qakbot botnet dismantled after infecting over 700,000 computers
Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI and known…
Microsoft adds HSTS support to Exchange Server 2016 and 2019
Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security (also known as HSTS). HSTS is a…
University of Michigan shuts down network after cyberattack
The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online…
Hackers exploit critical Juniper RCE bug chain after PoC release
Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface. Successful exploitation enables unauthenticated…
US govt email servers hacked in Barracuda zero-day attacks
Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway (ESG) zero-day, with a…