Millions of WordPress sites are affected by an urgent WordPress update that fixes a critical flaw in the Jetpack plugin
WordPress Releases Automatic Update to Fix Critical Jetpack Plugin Vulnerability
WordPress has taken immediate action to address a critical flaw in the widely used Jetpack plugin, which is installed on over five million websites. The automatic update was prompted by the discovery of a vulnerability during an internal security audit. The flaw stems from an
- Published in News
Stealthy Bandit Stealer: A New Malware Targeting Web Browsers and Cryptocurrency Wallets
A sophisticated and stealthy information-stealing malware called Bandit Stealer has recently emerged, posing a significant threat to web browsers and cryptocurrency wallets. Trend Micro, a leading cybersecurity company, highlighted the malware’s capability to potentially expand to other platforms due to its development using the Go programming language. Currently, Bandit Stealer primarily focuses on Windows systems,
- Published in News
Critical OAuth Vulnerability in Expo Framework Raises Account Hijacking Concerns
A significant security vulnerability has been exposed in the Open Authorization (OAuth) implementation of Expo.io, a popular application development framework. Assigned the CVE identifier CVE-2023-28131, this vulnerability carries a high severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs has reported that the flaw leaves services utilizing the Expo framework
- Published in News
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware
Kimsuky, a North Korean advanced persistent threat (APT) group, has been using custom malware called RandomQuery as part of its reconnaissance and information exfiltration operation. The group’s ongoing targeted campaign, primarily geared towards information services and organizations supporting human rights activists and North Korean defectors, uses phishing emails that purport to be from a prominent
- Published in News
The Python Package Index Repository is under attack: Registrations and uploads have been halted temporarily
Python Package Index (PyPI), the official repository for third-party software in the Python programming language, has temporarily disabled user sign-ups and the ability to upload new packages until further notice. The PyPI administrators made this decision due to a recent surge in malicious users and projects on the platform, which has overwhelmed their response capacity,
- Published in News
Qilin Ransomware affiliates receive 85% of ransom payments
New findings from Group-IB shed light on the payment structure within the Qilin ransomware-as-a-service (RaaS) scheme, revealing that ransomware affiliates receive a significant share of each ransom payment, ranging from 80% to 85%. Group-IB managed to infiltrate the group in March 2023, leading to insights into the payment structure and inner workings of the RaaS
- Published in News
Cybercriminals can now generate convincing phishing pages using a new Phishing-as-a-Service platform
A new phishing-as-a-service (PhaaS or PaaS) platform called Greatness has been used by cybercriminals to target business users of the Microsoft 365 cloud service since mid-2022. This phishing kit provides affiliates with a link and attachment builder to create convincing decoy and login pages that have features like pre-filled victim email addresses and company logos and
- Published in News
A zero-day bug has been fixed in Microsoft’s May Patch Tuesday
Microsoft has released its Patch Tuesday updates for May 2023, which include fixes for 38 security vulnerabilities, including one zero-day flaw currently being actively exploited. The Zero Day Initiative (ZDI) from Trend Micro reports that this is the lowest number of security fixes released since August 2021, but warns that this number is likely to
- Published in News
New Web-Inject Toolkit DrIBAN Targets Italian Corporate Banking Clients
Italian corporate banking clients have been under attack since at least 2019 from an ongoing financial fraud campaign that uses a web-inject toolkit called drIBAN. According to Cleafy researchers Federico Valentini and Alessandro Strino, the main goal of drIBAN fraud operations is to infect Windows workstations in corporate environments and alter legitimate banking transfers performed by
- Published in News
North Korea’s ScarCruft uses LNK file infection chains to spread RokRAT malware
North Korea’s ScarCruft, also known as APT37, InkySquid, Nickel Foxcroft, Reaper, RedEyes, and Ricochet Chollima, is a threat group that targets South Korean individuals and entities through spear-phishing attacks. The group’s malware of choice, RokRAT, is capable of credential theft, data exfiltration, system information gathering, command and shellcode execution, and file and directory management. ScarCruft’s
- Published in News