jeudi 12 octobre 2023 à 11:16
Cybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades as a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site.
"Complete with a professional looking opening comment implying it is a caching plugin, this rogue code contains numerous functions, adds filters to prevent itself from being included in the
jeudi 12 octobre 2023 à 08:20
High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware.
Cybersecurity company Check Point is tracking the activity under the name Stayin' Alive. Targets include organizations located in Vietnam, Uzbekistan, Pakistan, and Kazakhstan.
"The simplistic
mercredi 11 octobre 2023 à 14:41
More than 17,000 WordPress websites have been compromised in the month of September 2023 with a malware known as Balada Injector, nearly twice the number of detections in August.
Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagDiv Composer plugin (CVE-2023-3169, CVSS score: 6.1) that could be exploited by unauthenticated users
mercredi 11 octobre 2023 à 14:26
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the