Category: Security

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover

Severe CSRF to XSS bugs open the door to code execution and complete website compromise.

Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection

CVE-2020-9315 and CVE-2020-9314 in iPlanet version 7 will not receive patches.

Sphinx Malware Returns to Riddle U.S. Targets

The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.

Hackers Breach 3.5 Million MobiFriends Dating App Credentials

The emails, hashed passwords and usernames of 3.5 million users of the dating app MobiFriends were put up for sale

Report: Microsoft’s GitHub Account Gets Hacked

The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer

Blue Mockingbird Monero-Mining Campaign Exploits Web Apps

The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.

Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams

Threat actors are buying and selling taxpayer data on hacker forums as well as using phishing and other campaigns to

Naikon APT Hid Five-Year Espionage Attack Under Radar

The Chinese APT has been discovered behind a five-year espionage campaign that compromises government servers – and uses that as

InfinityBlack Dismantled After Selling Millions of Credentials

In the Europol-led takedown, police shut down databases with more than 170 million entries.

Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials

Investment brokers are the target of a new wave of socially engineered phishing attacks, warns FINRA.