20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
Continue reading Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts. Continue reading Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say
A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects — but harvests credentials instead. Continue reading Cloned Dept. of Labor Site Hawks Fake Government Contracts
VMware’s container-based application development environment has become attractive to cyberattackers. Continue reading Cybercriminals Actively Target VMware vSphere with Cryptominers
UniCC controlled 30 percent of the stolen payment-card data market, leaving analysts eyeing what’s next. Continue reading Top Illicit Carding Marketplace UniCC Abruptly Shuts Down
Meanwhile, EthereumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.
Continue reading North Korean APTs Stole ~$400M in Crypto in 2021
GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.
Continue reading New GootLoader Campaign Targets Accounting, Law Firms
Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users. Continue reading Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts
Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.
Continue reading WordPress Bugs Exploded in 2021, Most Exploitable