Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection.…
North Korean hackers adopt ClickFix attacks to target crypto firms
The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the…
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to…
Microsoft fixes button that restores classic Outlook client
Microsoft resolved an issue that caused the new Outlook email client to crash when users clicked a button designed to…
New Ubuntu Linux security bypasses require manual mitigations
Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker…
Oracle Health breach compromises patient data at US hospitals
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from…
Microsoft fixes Remote Desktop issues caused by Windows updates
Microsoft has fixed a known issue that caused problems with Remote Desktop and RDS connections after installing Windows updates released…
Hijacked Microsoft web domain injects spam into SharePoint servers
The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all…
Chinese FamousSparrow hackers deploy upgraded malware in attacks
A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based…
Oracle customers confirm data stolen in alleged cloud breach is valid
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6…