DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. “Entirely reliant on a Read more…
Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber attacks Read more…
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and Read more…
New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing Read more…
Jetpack patches critical bug that exposed data on 27M WordPress sites Jetpack released a patch for a critical vulnerability that could let malicious users submit a specially crafted request to the WordPress server to then disclose data submitted by other users — a flaw that left sensitive personal information potentially Read more…
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one Read more…
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks Oct 04, 2024Ravie LakshmananWebsite Security / Vulnerability A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as Read more…
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware Sep 26, 2024Ravie LakshmananCyber Espionage / Mobile Security As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a Read more…
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information Aug 20, 2024Ravie LakshmananEnterprise Security / Data Breach Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. “A potential issue in NetSuite’s SuiteCommerce Read more…
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites Jun 26, 2024NewsroomWeb Skimming / Website Security Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is Read more…