Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

HeartSender Cybercrime Network Dismantled in Joint US-Dutch Operation

Massive Pakistani cybercrime network HeartSender has been shut down in a joint US-Dutch operation. Learn how their phishing…

HackRead
Open in Source
#vulnerability#wordpress#intel#auth
I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending (to compare the scale, just over 40,000 were added to NVD in 2024). All trending vulnerabilities are found in Western commercial products and open source projects. This year, the vulnerabilities of domestic Russian […]

Telegram-Based “Sneaky 2FA” Phishing Kit Targets Microsoft 365 Accounts

Sneaky 2FA: New Phishing-as-a-Service targets Microsoft 365, leveraging sophisticated evasion techniques and a Telegram-based platform to steal credentials.…

Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes

A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext’s clients.…

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000 installations. On December 10, WPScan reported a vulnerability in Hunk Companion plugin versions below 1.9.0, allowing […]

GroupGreeting e-card site attacked in “zqxq” campaign 

This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes Malwarebytes recently uncovered...

Unconventional Cyberattacks Aim to Take Over PayPal Accounts

Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.

PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages

SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data.