23174
๐ The finest daily news on cybersecurity and privacy. ๐ Daily releases. ๐ป Is your online life secure? ๐ฉ lalilolalo.dev@gmail.com
๐๏ธ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ๐๏ธCybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ๐๏ธCybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised ๐๏ธThreat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zeroday attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities CVE202458136 CVSS score 9.0 An improper protection of alternate path flaw in the Yii PHP.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised ๐๏ธThreat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zeroday attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities CVE202458136 CVSS score 9.0 An improper protection of alternate path flaw in the Yii PHP.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Breakthrough Could Lead to Quantum Encryption in 10 Years ๐ฆฟThis research might also help pave the way for the quantum internet and other quantum systems in perhaps 4050 years.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ๐๏ธCybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ๐๏ธCybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Mobile Applications: A Cesspool of Security Issues ๐ต๏ธโโ๏ธAn analysis of more than a halfmillion mobile apps find encryption problems, privacy issues, and known vulnerabilities in thirdparty code. What can users and developers do?.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures ๐Panaseer's latest cybersecurity study revealed that US companies have paid 155M in data breach lawsuit settlements over just six months.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ M&S Shuts Down Online Orders Amid Ongoing Cyber Incident ๐British retailer MS continues to tackle a cyber incident with online orders now paused for customers.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes ๐Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers ๐๏ธCybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below CVE202527610 CVSS score 7.5 A path traversal.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework ๐๏ธThreat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.ย "The exploitation is likely tied to either a previously disclosed vulnerability like CVE20179844 or an unreported remote file inclusion RFI issue," ReliaQuest said in a report published this week. The cybersecurity.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ AI Experts Warn Against OpenAIโs For-Profit Pivot: โSafeguards Could Vanish Overnightโ ๐ฆฟOpenAIs possible restructuring to a forprofit model is receiving pushback from former staff, Nobel Laureates, and AI pioneers.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Phishing Kit Darcula Gets Lethal AI Upgrade ๐ต๏ธโโ๏ธRecently added artificial intelligence capabilities on the Chineselanguage Darcula phishingasaservice platform make phishing attacks easy for even the least technical hackers.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised ๐๏ธThreat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zeroday attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities CVE202458136 CVSS score 9.0 An improper protection of alternate path flaw in the Yii PHP.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ FBI Asks for Help Tracking Chinese Salt Typhoon Actors ๐The US authorities have asked the public to help them unmask Chinas Salt Typhoon threat actors.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ๐๏ธCybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised ๐๏ธThreat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zeroday attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities CVE202458136 CVSS score 9.0 An improper protection of alternate path flaw in the Yii PHP.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ๐๏ธCybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ๐๏ธCybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Breakthrough Could Lead to Quantum Encryption in 10 Years ๐ฆฟThis research might also help pave the way for the quantum internet and other quantum systems in perhaps 4050 years.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ Popular LLMs Found to Produce Vulnerable Code by Default ๐Backslash Security found that nave prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input ๐Researchers have found a Chrome extension that can act on the users behalf by using a popular AI agent orchestration protocol.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ SAP Fixes Critical Vulnerability After Evidence of Exploitation ๐A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks ๐๏ธCybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a nowpatched security flaw in Ivanti Connect Secure ICS. The malware, along with a web shell, were "installed by exploiting a zeroday vulnerability at that time, CVE20250282, during attacks against organizations in Japan around December 2024," JPCERTCC researcher Yuma.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Why NHIs Are Security's Most Dangerous Blind Spot ๐๏ธWhen we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of NonHuman Identities NHIs.ย At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures ๐๏ธNorth Korealinked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industryBlockNovas LLC blocknovas. com, Angeloper Agency angeloper.com, and SoftGlide LLC softglide.coto spread.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ 5 Most Common Security Attack Methods in 2024: Mandiantโs M-Trends Report ๐ฆฟMandiant, which was acquired by Google Cloud in 2022, paints a picture of global cyber threats from last year in order to help readers be better prepared this year.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Vehicles Face 45% More Attacks, 4 Times More Hackers ๐ต๏ธโโ๏ธTwo kinds of attacks are in high gear ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity