Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Under the engineering hood: Why Malwarebytes chose WordPress as its CMS

It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. Here's what we considered when choosing it.

Malwarebytes
Open in Source
#sql#xss#csrf#vulnerability#web#windows#microsoft#ddos#redis#js#git#java#wordpress#intel#php#nginx#auth#ssl
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware," the Microsoft Threat Intelligence team said in a post shared on X. The tech

GHSA-wvpg-4wrh-5889: PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

### Impact Wrong usage of the PHP `array_search()` allows bypass of validation. ### Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) - v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) - v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) - v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) - v5.0.5 for PrestaShop 9 (build number: 9.5.0.5) Read the [Versioning policy](https://github.com/PrestaShopCorp/ps_checkout/wiki/Versioning) to learn more about the build number. ### Credits [Léo CUNÉAZ](https://github.com/inem0o) reported this issue.

GHSA-fpxp-pfqm-x54w: PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

# Impact Missing validation on input vulnerable to directory traversal. # Patches The problem has been patched in versions: v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) v5.0.5 for PrestaShop 9 (build number: 9.5.0.5) Read the [Versioning policy](https://github.com/PrestaShopCorp/ps_checkout/wiki/Versioning) to learn more about the build number. # Credits [Léo CUNÉAZ](https://github.com/inem0o) for reportied this issue.

GHSA-54hq-mf6h-48xh: PrestaShop Checkout allows customer account takeover via email

# Impact Missing validation on Express Checkout feature allows silent log-in. # Patches The problem has been patched in versions - v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) - v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) - v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) - v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) - v5.0.5 for PrestaShop 9 (build number: 9.5.0.5) Read the [Versioning policy](https://github.com/PrestaShopCorp/ps_checkout/wiki/Versioning) to learn more about the build number. # Credits [Léo CUNÉAZ](https://github.com/inem0o) reported this issue.

GHSA-9329-mxxw-qwf8: Strapi core vulnerable to sensitive data exposure via CORS misconfiguration

### Summary A CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses. ### Technical Details By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper validation or whitelisting. Example: `Origin: http://localhost:8888` `Access-Control-Allow-Origin: http://localhost:8888` `Access-Control-Allow-Credentials: true` This allows an attacker-controlled site (on a different port, like 8888) to send credentialed requests to the Strapi backend on 1337. ### Suggested Fix 1. Explicitly whitelist trusted origins 2. Avoid reflecting dynamic origins

Ransomware attacks and how victims respond

This edition highlights the detailed studies that have been recently published on how ransomware attacks affect victims, from PTSD to burnout, and discusses ways to help deal with the fallout of victimization.

North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts

A threat actor with ties to the Democratic People's Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the method. The activity has been attributed by Google Threat Intelligence Group (GTIG) to a threat cluster it tracks as UNC5342,

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems. "UNC5142 is characterized by its use of compromised WordPress websites and 'EtherHiding,' a technique used

Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform

Scaling the SOC with AI - Why now?  Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR’s AI-SOC Market Landscape 2025, the average organization now faces around 960 alerts per day, while large enterprises manage more than 3,000 alerts daily from an average of 28 different tools. Nearly 40% of those alerts go uninvestigated, and 61% of security teams admit