Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. […]
US court finds spyware maker NSO liable for WhatsApp hacks
A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated U.S. hacking laws by using WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices. […]
Beware Of Shadow AI – Shadow IT’s Less Well-Known Brother
While AI tools can enable employees to be innovative and productive, significant data privacy risks can stem from their usage.
The post Beware Of Shadow AI – Shadow IT’s Less Well-Known Brother appeared first on SecurityWeek.
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case
Cybersecurity researchers have found that it’s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection.
“Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect,” Palo Alto Networks Unit 42 researchers
“Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect,” Palo Alto Networks Unit 42 researchers
Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. […]
5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension
Ascension Health says the personal, medical, and payment information of 5.6 million people was stolen in a May 2024 ransomware attack.
The post 5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension appeared first on SecurityWeek.
Microsoft fixes bug behind random Office 365 deactivation errors
Microsoft has rolled out a fix for a known issue that causes random “Product Deactivated” errors for customers using Microsoft 365 Office apps. […]
Sophos Patches Critical Firewall Vulnerabilities
Sophos has released patches for a critical-severity firewall vulnerability that could lead to remote code execution.
The post Sophos Patches Critical Firewall Vulnerabilities appeared first on SecurityWeek.
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm.
“It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable,” Sophos said in a new report published last
“It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable,” Sophos said in a new report published last
LockBit Ransomware Developer Arrested in Israel at Request of US
Dual Russian and Israeli national has been arrested in Israel and will be extradited to the US to face charges related to LockBit ransomware development.
The post LockBit Ransomware Developer Arrested in Israel at Request of US appeared first on SecurityWeek.