WordPress custom field plugin bug exposes over 1M sites to XSS attacks
Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are…
Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor
The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to…
1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs
A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.
Microsoft PowerToys adds Windows Registry preview feature
Microsoft PowerToys, a set of free utilities for Windows 10 users, has introduced a new feature allowing users to preview…
Massive Balada Injector campaign attacking WordPress sites since 2017
An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered…
WordPress force patching WooCommerce plugin with 500K installs
Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of websites running…
Hackers use new PowerMagic and CommonMagic malware to steal data
Security researchers have discovered attacks from an advanced threat actor that used "a previously unseen malicious framework" called CommonMagic and…
Why You Should Opt Out of Sharing Data With Your Mobile Provider
A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects…
Microsoft enables LSA protection by default in Windows Canary build
Microsoft says the latest Windows 11 build that is rolling out to Insiders in the Canary channel will try to…
How to Reduce Code Risk Using Pipelineless Security
The exposure and exploitation of hardcoded secrets continues to drive software supply chain attacks. One solution: zero new hardcoded secrets.