Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri… Read More »WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them… Read More »Report: The Dark Side of Phishing Protection
Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that’s behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. “Their primary motivation is to steal… Read More »Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud
Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users’ credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called… Read More »New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. “This cluster… Read More »Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets
Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation… Read More »Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating… Read More »Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android… Read More »Fake Antivirus Websites Deliver Malware to Android and Windows Devices
Don’t be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they’re getting smarter every… Read More »How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar
Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the… Read More »Google Detects 4th Chrome Zero-Day in May Actively Under Attack – Update ASAP