Recent Security News
-
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
March 10, 2024 at 11:42AM Hackers are exploiting an XSS vulnerability in outdated Popup Builder plugin versions, infecting over 3,300 WordPress sites with malicious code. A new campaign targeting the same vulnerability has seen a notable uptick, with Sucuri reporting 1,170 infections. To defend against these attacks, users are advised to upgrade to Popup Builder…
-
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware
March 10, 2024 at 11:42AM Magnet Goblin, a financially motivated hacking group, exploits 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. They target devices and services like Ivanti Connect Secure, Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense, and Magento. Check Point analysts emphasize the importance of timely patching and…
-
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
March 8, 2024 at 11:57PM Microsoft disclosed that the Kremlin-backed threat actor Midnight Blizzard gained access to some source code repositories and internal systems following a hack in January 2024. The company stated that it is investigating the extent of the breach and has increased its security investments in response to the attack. The breach…
-
Chrome users – get an alert when extensions are in danger of falling into wrong hands
March 8, 2024 at 06:44PM Millions of Chrome users can now defend against extension subversion by installing the Chrome add-on “Under New Management,” created by software developer Matt Frisbie. The add-on alerts users when installed extensions change ownership, giving them the power to make informed decisions about the software they’re using. This initiative aims to…
-
The Week in Ransomware – March 8th 2024 – Waiting for the BlackCat rebrand
March 8, 2024 at 06:40PM The BlackCat/ALPHV ransomware gang has shut down after scamming an affiliate for $22 million, amidst increasing calls for a federal ban on ransom payments. Other ransomware activity includes various new variants identified by PCrisk and coordinated attacks by GhostSec and Stormous groups. The impact spans sectors from healthcare to beer…