Compromised plugins found on WordPress.org
An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, i.....»»
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
Malicious updates available from WordPress.org create attacker-controlled admin account. WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attac.....»»
Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) JetBrains has fixed a critical vulnerability (CVE-2024-37051) tha.....»»
20,000 FortiGate appliances compromised by Chinese hackers
Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide. How Coathanger persists on FortiGate devices In February 2024, the Dutch Mil.....»»
Hackers steal “significant volume” of data from hundreds of Snowflake customers
Given shortcomings of Snowflake and its customers, there's plenty of blame to go around. As many as 165 customers of cloud storage provider Snowflake have been compromised by a group that ob.....»»
Cyber insurance isn’t the answer for ransom payments
Ransomware remains an ongoing threat for organizations and is the largest single cause of IT outages and downtime as 41% of data is compromised during a cyberattack, according to Veeam. “Ransomware is endemic, impacting 3 out of 4 organizations in.....»»
TikTok hack compromised CNN account; Paris Hilton and others targeted
A TikTok hack allowed attackers to take control of CNN’s account, while other high-profile accounts were also targeted. The nature of the security breach remains a mystery at present. It was said to have involved direct messaging, but was seemin.....»»
Ulysses writing app for Mac, iPad, and iPhone gets internal linking, history navigation, more
Popular markdown-based writing app Ulysses has received a valuable update today that brings internal links for headings, history navigation, dark mode for WordPress publishing preview, and more. Here’s what’s new with Ulysses version 35 for Mac,.....»»
361 million account credentials leaked on Telegram: Are yours among them?
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data has been compromised in one or more data breaches. Have I B.....»»
Snowflake compromised? Attackers exploit stolen credentials
Have attackers compromised Snowflake or just their customers’ accounts and databases? Conflicting claims muddy the situation. What is Snowflake? Snowflake is a cloud-based data storage and analytics company based in the US, and claims nearly 9,50.....»»
Compromised courtroom recording software was served from vendor’s official site
Courtroom recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher warned last month. After analyzing a flagged installer detected in a cus.....»»
Compromised recording software was served from vendor’s official site, threat researchers say
Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher warned last month. After analyzing a flagged installer detected in a cu.....»»
I reviewed Google’s new cheap Pixel phone, and you really should buy it
The Google Pixel 8a is the cheapest Pixel you can buy, but is it too compromised to consider? Thankfully, no. Here's why it's a great purchase......»»
Ebury botnet compromises 400,000+ Linux servers
ESET researchers released their deep-dive investigation into one of the most advanced server-side malware campaigns. It is still growing and has seen hundreds of thousands of compromised servers in its at least 15-year-long operation. The Ebury group a.....»»
Dell warns of “incident” that may have leaked customers’ personal info
Notification follows claim of compromised database with 49M Dell customers' data. For years, Dell customers have been on the receiving end of scam calls from people claiming to be part of the comp.....»»
Abnormal extends Account Takeover Protection to cloud apps, introduces AI Security Mailbox
Abnormal Security is expanding its Account Takeover Protection product line beyond email to provide visibility into cross-platform user behavior and centralize compromised account detection and remediation across identity, collaboration, and cloud in.....»»
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix. Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-.....»»
A critical security flaw could affect thousands of WordPress sites
Forminator can be used to upload malware to the site, Japan's researchers say......»»
Cisco Duo provider breached, SMS MFA logs compromised
Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers. About the attack The unnamed provider – o.....»»
Roku closes the barn door, badly, after a half-million accounts are compromised
Roku has finally turned on two-factor authentication -- after it learned that more than 500,000 accounts were hit by a credential-stuffing attack......»»
WordPress Parent Company Acquires Beeper
The acquisition was made public via a formal announcement from Beeper CEO Eric Migicovsky. The post WordPress Parent Company Acquires Beeper appeared first on Phandroid. Remember Beeper, the company that went back-and-forth against Apple o.....»»