WordPress force installs critical Jetpack patch on 5 million sites
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a…
Category: Bleeping Computer
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection
The premium WordPress plugin ‘Gravity Forms,’ currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form…
Barracuda zero-day abused since 2022 to drop new malware, steal data
Image: Bing Image Creator Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven…
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install “undeletable” malware and access the victim’s…
RomCom malware spread via Google Ads for ChatGPT, GIMP, more
A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers.…
Microsoft shares fix for cameras not working on Surface laptops
Microsoft has shared a temporary fix for a widespread issue triggered by a buggy driver that causes built-in cameras on some ARM-based Windows devices (including…
Android apps with spyware installed 421 million times from Google Play
A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400…
New hacking forum leaks data of 478,000 RaidForums members
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the…
Flash loan attack on Jimbos Protocol steals over $7.5 million
Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than of 4000 ETH tokens, currently…
MCNA Dental data breach impacts 8.9 million people after ransomware attack
Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data…
Lazarus hackers target Windows IIS web servers for initial access
The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS) web servers to gain initial…
PyPI announces mandatory use of 2FA for all software publishers
The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA)…