Chinese hackers exploit Fortinet VPN zero-day to steal credentials
Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client…
Schneider Electric confirms dev platform breach after hacker steals data
Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from…
Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of…
Automattic blocks WP Engine’s access to WordPress resources
WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform,…
Android malware ‘Necro’ infects 11 million devices via Google Play
A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in…
WordPress.org to require 2FA for plugin developers by October
Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor…
Malware infiltrates Pidgin messenger’s official plugin repository
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it…
Hackers are exploiting critical bug in LiteSpeed Cache plugin
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating…
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue…
Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that…