Actively exploited by unidentified cybercriminals, a recently patched security vulnerability is found within the WordPress Elementor Pro website builder plugin. Affecting versions 3.11.6 and earlier, this broken access control flaw was resolved by the plugin developers in the 3.11.7 version, released on March 22. In the release notes, the Tel Aviv-based company mentioned, “Improved code security enforcement

A newly identified North Korean cyber group, APT43, has been linked to multiple campaigns aimed at gathering strategic intelligence in line with Pyongyang’s geopolitical interests since 2018. Tracked by Google-owned Mandiant, APT43’s objectives include both espionage and financial motives, employing methods such as credential harvesting and social engineering to achieve its goals. APT43 attempts to generate

A new campaign targeting poorly managed Linux SSH servers has been identified, deploying various strains of malware called ShellBot. The AhnLab Security Emergency Response Center (ASEC) reported that ShellBot, also known as PerlBot, is a DDoS bot malware developed in Perl, which typically uses the IRC protocol for communication with its C&C server. According to

Mandiant, the threat intelligence firm, has linked the zero-day exploitation of a medium-severity security flaw in the Fortinet FortiOS operating system to a suspected Chinese hacking group. The attack is part of a broader campaign to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments. Mandiant is tracking the malicious

The Lazarus Group, believed to be linked to North Korea, has been observed exploiting undisclosed software vulnerabilities to breach a South Korean financial business entity twice within a year. The first attack in May 2022 involved the use of a vulnerable version of a widely-used certificate software, while the second attack in October 2022 exploited

Chinese threat actor Sharp Panda has been targeting high-profile government entities in Southeast Asia since late last year in a cyber espionage campaign. Israeli cybersecurity company Check Point has identified the use of a new version of the Soul modular framework as characterizing the intrusions, marking a departure from the group’s attack chains observed in

The threat group known as Lucky Mouse has released a Linux version of its SysUpdate malware toolkit, enabling it to target Linux devices. The updated artifact, which dates back to July 2022, has new features aimed at avoiding security software and resisting reverse engineering. Lucky Mouse, also known as APT27, Bronze Union, Emissary Panda, and