Cybercriminals have begun to exploit a critical vulnerability in the WP Automatic plugin for WordPress, enabling them to create accounts with administrative privileges and install backdoors for long-term access. Installed on over 30,000 sites,...
In recent weeks, there has been an intensification of cyberattacks on Indian government bodies, initiated by groups linked to Pakistan. The analytical team at Seqrite Labs has identified several campaigns in which remote access...
ThreatFabric has identified a new malicious application named Brokewell, capable of recording every action on a device, from keystrokes to text input and application launches. The Trojan is distributed through a counterfeit Google Chrome...
Network security measures such as firewalls are designed to safeguard corporate networks from breaches. However, it turns out that cybercriminals are increasingly turning these systems against their owners, using them as springboards to infiltrate...
Security experts have identified a critical vulnerability in the Flowmon network performance monitoring tool from Progress Software, utilized by over 1,500 companies globally, including major organizations such as SEGA, KIA, and Volkswagen. The vulnerability...
Experts at Citizen Lab have identified vulnerabilities in popular keyboard applications that could be exploited to log keystrokes of Chinese users worldwide. These security issues are nearly ubiquitous across apps, including those pre-installed on...
Cybersecurity researchers from Perception Point recently discovered a vulnerability on the Nespresso coffee machine and capsule manufacturer’s website, which scammers actively exploit to redirect users to malicious sites. The vulnerability, related to open redirection,...
Recently, security researchers identified a new vulnerability known as Dependency Confusion, affecting an archived Apache project titled Cordova App Harness. This vulnerability enables malefactors to manipulate package managers into downloading a fraudulent package from...
North Korean hackers exploited the eScan antivirus update mechanism to embed backdoors into corporate networks and disseminate cryptocurrency miners using the malicious software, GuptiMiner. Cybersecurity firm Avast reports that the perpetrators conducted an adversary-in-the-middle...
The South Korean police have issued a warning about cyberattacks by North Korean hacker groups targeting defense industry enterprises to steal valuable technological information. The police have documented several instances of successful breaches of...
The United States Treasury Department has announced the imposition of sanctions against four Iranian citizens and two corporations for their involvement in cyberattacks targeting U.S. government agencies, defense contractors, and private companies. The sanctions...
According to a recent report by Cisco Talos, the CoralRaider group is utilizing CDN platforms to disseminate malware in the United States, the United Kingdom, Germany, and Japan. The campaign aims to pilfer credentials,...
On April 17, researchers at Zscaler exposed a malicious software distribution campaign targeting IT professionals. This operation employs deceptive advertising of popular network utilities to implant a new backdoor named MadMxShell. The campaign was...
Cybersecurity experts from Fortinet have identified a new malicious package in the PyPI registry for developers, aimed at stealing user data from Discord. The package, named “discordpy_bypass-1.7,” was published on March 10, 2024, and...
As a result of an alleged cyberattack by a hacking group associated with the Anonymous collective, the Israeli Defense Forces (IDF) faced claims of compromising confidential data. According to the hackers, they accessed 20...
Over the past few years, security experts have observed an intensification of cyberattacks on organizations in Eastern and Western Europe, as well as North America. The perpetrators are hackers from the group known as...
