Vulnerability in WordPress Plugin WooCommerce Payments Is Actively Used to Hack Sites
Hackers use a vulnerability in the widely used WooCommerce Payments WordPress plugin to gain privileges of any user, including administrator, on vulnerable sites. WooCommerce Payments is a popular WordPress plugin…
Fake Ads on Facebook Promote Scam AI Services
Facebook has been hit by a wave of fake ads that offer what looks like AI services. In fact, those are scam pages that trick people into installing malware. AI…
FIN8 Updated Sardonic Backdoor to Deliver Noberus Ransomware
FIN8, an infamous group of cybercriminals, has updated its backdoor malware to avoid being detected. They made improvements and prepared to release a new type of crimeware called Noberus. This…
Citrix and Adobe Vulnerabilities Under Active Exploitation
Citrix was able to patch a zero-day vulnerability, while Adobe warns of attacks using ColdFusion Zero-Day and releases an urgent update that nearly fixes the issue. Nonetheless, the story is…
Trojanized TeamViewer Installer Spreads njRAT
Threat actors reportedly started using fake TeamViewer to distribute malware. Their particular favourite for the final payload is the infamous njRAT trojan – an old-timer of the scene. Through the…
Hundreds of Military and Intelligence Agencies Uploaded Data to VirusTotal
An employee of the Google-owned platform VirusTotal accidentally uploaded a file with the names, email addresses and other data of hundreds of people working in intelligence agencies and ministries of…
WormGPT Helps Cybercriminals to Launch Sophisticated Phishing Attacks
SlashNext noticed that cybercriminals are increasingly using generative AI in their phishing attacks, such as the new WormGPT tool. WormGPT is advertised on hacker forums, and it can be used…
US Military Emails Leaked Massively Due to the Typo
Email letters sent to the US military addresses ended up on similarly-named Mali emails because of the domain name typo. All this started as a mistake, but may transform into…
Microsoft “nOAuth” is Vulnerable to Simple Email Spoofing
In June, researchers revealed a vulnerability in Azure Active Directory and third-party apps called "nOAuth," that could result in a complete account takeover. This is just one of the many…
American Airlines Hacked by Cl0P Gang, MOVEit Involved
American Airlines, the major airline company in the US, appears to be yet another victim of MOVEit vulnerability. Specifically, Cl0p ransomware gang hackers claim the successful attack upon the co.…
Trojan:Win32/Randet.A!plock – What is That Detection?
Windows Defender's mass detections of Trojan:Win32/Randet.A!plock worries people. Are the user files complained about by Defender malicious? Trojan:Win32/Randet.A!plock Microsoft Defender Detection Recently, users have been actively discussing on thematic forums…
Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild
On July 11, 2023, Microsoft published an article about addressing the CVE-2023-36884 vulnerability. This breach allowed for remote code execution in Office and Windows HTML. Microsoft has acknowledged a targeted…
