Security
WordPress plugins taken offline after a developer found 30 injected with malicious code
Dozens of WordPress plugins have been compromised by an unknown actor who planted backdoors in popular add-ons after buying them for hundreds of thousands of dollars.
Read more about WordPress plugins taken offline after a developer found 30 injected with malicious code
Fiverr users’ tax forms, licenses, private documents exposed on Google Search
Fiverr users' data have been found leaking on Google Search: invoices, tax return forms, driver’s licenses, credentials, and many other sensitive documents. Fiverr denies allegations of a cybersecurity incident.
Read more about Fiverr users’ tax forms, licenses, private documents exposed on Google Search
Trusted adware app left 25,000+ systems open to a $10 supply-chain hijack
More than 25,000 systems were left exposed after Huntress researchers discovered adware distributed by Dragon Boss Solutions used an insecure software update channel that could have been hijacked for as little as $10.
Read more about Trusted adware app left 25,000+ systems open to a $10 supply-chain hijack
Has Black Basta returned? Former affiliates assemble for new campaign targeting business execs
A new cyber intrusion campaign is reviving the playbook of the now-defunct Black Basta, raising concerns that former affiliates may be regrouping or reusing a proven model at scale.
Read more about Has Black Basta returned? Former affiliates assemble for new campaign targeting business execs
Full AMEX, Visa, Mastercard data allegedly exposed: act before your account is drained
A listing on a hacker forum claims access to thousands of payment records, including card numbers and security codes. Experts warn users to act immediately to protect their accounts from fraud and unauthorized charges.
Read more about Full AMEX, Visa, Mastercard data allegedly exposed: act before your account is drained
Hackers leak and sell Hallmark stolen data weeks after ransom ultimatum
Data allegedly stolen from Hallmark Cards, Inc. is already circulating across cybercrime forums, just weeks after a ransomware group threatened to release millions of records tied to the company.
Read more about Hackers leak and sell Hallmark stolen data weeks after ransom ultimatum
Hackers threaten to leak over 9M Amtrak records, including personal info
The National Railroad Passenger Corporation, better known as Amtrak, has been claimed by the prolific hacking group ShinyHunters.
Read more about Hackers threaten to leak over 9M Amtrak records, including personal info
Attacker sneaks 108 malicious Chrome extensions into official store, infecting thousands of users
Dozens of extensions on the Chrome Web Store were found to contain malware controlled by a single operator. Thousands of users who installed them have a backdoor planted, their data and session tokens stolen, while extensions remain live.
Read more about Attacker sneaks 108 malicious Chrome extensions into official store, infecting thousands of users
Security analyst calls LinkedIn’s BrowserGate scandal a giant nothingburger, urges calm
A recent investigation loudly claimed to have uncovered what it called one of the “largest corporate espionage and data breach scandals in digital history.” Indeed, it’d be disturbing if LinkedIn were really spying on its users. But it’s just not true, a security analyst says after conducting his own research.
Read more about Security analyst calls LinkedIn’s BrowserGate scandal a giant nothingburger, urges calm
Rockstar Games data leaked: What's inside the GTA makers' data dump?
The Rockstar Games data leak is escalating, with threat actors leaking internal data just months before the biggest game launch of the decade. Our team investigated what data attackers shared on the dark web.
Read more about Rockstar Games data leaked: What's inside the GTA makers' data dump?
Axios patches critical vulnerability that allows attackers to steal cloud credentials
Just two weeks after a massive supply chain compromise, Axios, a widely used JavaScript library for making web requests, is experiencing another critical threat. It contains a bug that allows attackers to chain vulnerabilities and achieve full cloud compromise.
Read more about Axios patches critical vulnerability that allows attackers to steal cloud credentials
Basic-Fit breach exposes bank details of 1 million members
The bank account details and personal information of nearly 1 million Basic-Fit members across six countries have been exposed after hackers breach one of Europe’s largest fitness chains.
Read more about Basic-Fit breach exposes bank details of 1 million members
Too popular? Fake Claude website distributes malware to visitors
Anthropic’s Claude is living the dream, and threat actors have taken note of its popularity. A website pretending to be a legitimate Claude domain was caught serving a remote access trojan to its visitors.
Read more about Too popular? Fake Claude website distributes malware to visitors
AI agents targeted via routers to inject payloads and steal your secrets
As AI agents increasingly rely on third-party API routers, criminals are using this dependence to trick users and inject malicious code into their machines.
Read more about AI agents targeted via routers to inject payloads and steal your secrets
Critical vulnerability affects wolfSSL, an encryption library protecting 5 billion devices and apps
An emergency patch has been released for wolfSSL, a critical security component that handles TLS encryption in five billion everyday devices and apps, from smartphones to routers. Many outdated devices might never get a patch.
Read more about Critical vulnerability affects wolfSSL, an encryption library protecting 5 billion devices and apps
Hackers claim access to pump system protecting Venice’s iconic St. Mark’s Square from flooding
A threat actor, operating under names such as “Infrastructure Destruction Squad” or “Dark Engine,” claims to have targeted the hydraulic pump system that protects Venice’s iconic St. Mark’s Square from flooding.
Read more about Hackers claim access to pump system protecting Venice’s iconic St. Mark’s Square from flooding
Okta compromise hits Hims & Hers in wider ShinyHunters attack spree
The Hims & Hers breach shows how stolen Okta access can unlock support platforms like Zendesk and expose customer data in a growing attack pattern.
Read more about Okta compromise hits Hims & Hers in wider ShinyHunters attack spree
Hackers claim breach exposing Moderna, J&J, Bayer employee data
Hackers are claiming to have breached a corporate intelligence provider, exposing employee data from 18 pharmaceutical and financial giants.
Read more about Hackers claim breach exposing Moderna, J&J, Bayer employee data
Google offers free PC upgrade for a billion Windows users
More than 500 million people are still using Windows 10. Many of them are now either functioning without support or relying on temporary security updates issued after official support ended. The total number of affected users across the wider Windows ecosystem could be close to a billion. Google is now offering free alternatives that could prevent security disasters.
Read more about Google offers free PC upgrade for a billion Windows users
Deleted your Signal app? FBI might still extract your messages
Armed with reliable end-to-end encryption, Signal is widely considered to be the best way to communicate more securely. In a recent case, though, the FBI found a way to break into a suspect’s Signal chats – even after the individual deleted the app from his device.
Read more about Deleted your Signal app? FBI might still extract your messages
