‘Lucifer’ Botnet Turns Up the Heat on Apache Hadoop Servers
More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase,…
CISA: Roundcube email server bug now exploited in attacks
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks.…
CISA pushes federal agencies to patch Citrix RCE within a week
Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days…
Nearly 7K WordPress Sites Compromised by Balada Injector
Nearly 200K WordPress sites could be vulnerable to the attack thanks to CVE-2023-6000, lurking in the PopUp Builder plug-in.
Google fixes first actively exploited Chrome zero-day of 2024
Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year.…
New Balada Injector campaign infects 6,700 WordPress sites
A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the…
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months
A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using…
Crypto wallet founder loses $125,000 to fake airdrop website
A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup…
‘everything’ blocks devs from removing their own npm packages
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a…
‘Operation Triangulation’ Spyware Attackers Bypass iPhone Memory Protections
The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures.