WordPress.org to require 2FA for plugin developers by October
Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor…
‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names
Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game.
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously…
Commercial Spyware Vendors Have a Copycat in Top Russian APT
Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.
New Tickler malware used to backdoor US govt, defense orgs
The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense,…
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted…
Hitachi Energy Vulnerabilities Plague SCADA Power Systems
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.
FlightAware configuration error leaked user data for years
Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident…
Microsoft: Enable MFA or lose access to admin portals in October
Microsoft warned Entra global admins on Thursday to enable multi-factor authentication (MFA) for their tenants until October 15 to ensure…
Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the…