Critical Flaw in Premium WordPress Themes Permits Site Takeover
Researchers discovered a significant privilege escalation problem in two themes used by over 90,000 WordPress sites that might allow threat actors to take entire...
Phishers Add Chatbot to the Phishing Lure
Trustwave SpiderLabs researchers have recently discovered phishers are using a new technique to improve victim participation and confidence: adding an interactive chatbot.
The phishers use...
Researchers Discover Supply Chain Attack Targeting GitLab CI Pipelines
SentinelLabs security researchers have discovered a software supply chain attack aimed at Rust developers, including malware designed to compromise GitLab Continuous Integration (CI) pipelines.
CrateDepression...
VMware Bugs Exploited to Deliver Mirai Malware, Exploit Log4Shell
Researchers claim that a GitHub proof-of-concept exploit for a previously disclosed VMware vulnerability is being deployed in the field by hackers.
Hackers are exploiting recently discovered...
Over 380,000 Kubernetes API Servers Exposed to Internet
The Shadowserver Foundation began searching the internet for Kubernetes API servers and discovered over 380,000 that provide some level of access.
The foundation monitors the...
NVIDIA Fixes Graphics Driver Code Execution Vulnerabilities
NVIDIA has released graphics driver updates to fix various vulnerabilities, including four CVEs with a "high severity" rating. CVE-2022-28181 and CVE-2022-28182 (CVSS score of...
Sysrv-K Botnet Attacks Windows and Linux Users
According to Microsoft researchers, a botnet that is exploiting flaws in the Spring Framework and WordPress plugins is being tracked.
Cybercriminals behind the Sysrv botnet...
New Special Interest Group Seeks to Boost ICS/OT Cyber Defenses
MITRE has announced the formation of a new special interest group (SIG) tasked with improving cyber defenses for Industrial Control Systems (ICS) and Operational...
Pathlock Announces Multiple Mergers & Acquisitions and 200 Million USD in...
Pathlock, a provider of access orchestration solutions, has announced various mergers and acquisitions, as well as a 200 million USD funding round.
Data governance, identity...
‘Sysrv’ Botnet Attacking Recent Spring Cloud Gateway Vulnerability
Microsoft advises that a new variant of the Sysrv botnet has added a new Spring Cloud Gateway vulnerability to its exploit library.
The Sysrv botnet...