Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

DARKReading
Open in Source
#web#mac#cisco#git#wordpress#auth
New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages

SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data.

NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems.

Researchers Uncover Dark Web Operation Entirely Focused on KYC Bypass

iProov uncovers a major Dark Web operation selling stolen identities with matching biometrics, posing a serious threat to KYC verification systems

Builder.ai Database Misconfiguration Exposes 1.29 TB of Unsecured Records

Cybersecurity researcher Jeremiah Fowler discovered a 1.2TB database containing over 3 million records of Builder.ai, a London-based AI software and app development company. Discover the risks, lessons learned, and best practices for data security.

Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities

Androxgh0st, a botnet targeting web servers since January 2024, is also deploying IoT-focused Mozi payloads, reveals CloudSEK’s latest research.

Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys

SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it

Cybercrime Gangs Abscond With Thousands of AWS Credentials

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.