Unauthenticated XSS Vulnerability Patched in HTML Email Template Designer Plugin

WordFence – On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP…

84,000 WordPress Sites Affected by Three Plugins With The Same Vulnerability

WordFence – On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that…

US Senate passes Bill to ban goods produced from Uyghur forced labour

The US Senate on Thursday unanimously passed a Bill banning the import of all goods, including technology, produced in the Chinese region of Xinjiang to penalise the Chinese government for…

MobileIron customers urged to patch systems due to potential Log4j exploitation

Cybersecurity company NCC Group is warning users of MobileIron products to patch their systems since finding exploitations through the Log4j vulnerability. NCC Group researchers have so far seen…

Meta removes accounts of spyware company Cytrox after Citizen Lab report on gov't hacks

Citizen Lab has released a new report highlighting widespread government use of the “Predator” spyware from North Macedonian developer Cytrox. Researchers found that Predator was used to attack two people…

‘Tropic Trooper’ Reemerges to Target Transportation Outfits

Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies. They’ve been an active threat group since 2011,…

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems

It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. Researchers have tracked new spyware…

NSO zero-click iMessage exploit hacks iPhone without need to click links

The IT security researchers at Google have declared the NSO zero-click iMessage exploit as “Terrifying.” Google Project Zero’s (GPZ) Ian Beer and Samuel Groß have shared details on a new…

Avast Finds Backdoor on US Government Commission Network

Avast – We have found a new targeted attack against a small, lesser-known U.S. federal government commission associated with international rights. Despite repeated attempts through multiple channels over…

Online Shoppers Could Face Eight Million Credential Stuffing Attacks Per Day Over Christmas

Online shoppers in the UK will be hit by up to eight million credential stuffing attacks per…