Two vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely.
The post Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites appeared first on SecurityWeek.
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.
Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed
Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed
Firefox and Windows zero-days exploited by Russian RomCom hackers
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. […]
Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack
Supply chain management software provider Blue Yonder has been targeted in a ransomware attack that caused significant disruptions for some customers.
The post Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack appeared first on SecurityWeek.
CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that
The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that
QNAP addresses critical flaws across NAS, router software
QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical severity flaws that users should address as soon as possible. […]
New Windows 10 0x80073CFA fix requires installing WinAppSDK 3 times
Microsoft has shared a new method to fix a bug preventing app uninstalls or updates on Windows 10 for those unwilling to deploy this month’s preview update. […]
Blue Yonder ransomware attack disrupts grocery store supply chain
Supply chain management firm Blue Yonder is warning that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK. […]
DOJ: Man hacked networks to pitch cybersecurity services
A Kansas City man has been indicted for allegedly hacking into computer networks and using this access to promote his cybersecurity services. […]
Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks
A ransomware group has been observed exploiting a recently patched command injection vulnerability in Zyxel firewalls for initial access.
The post Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.