Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript…
Fonte
bleepingcomputer.com
33articoli totali nell'archivio
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day…
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process…
Avada Builder WordPress plugin flaws allow site credential theft
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers…
Microsoft backpedals: Edge to stop loading passwords into memory
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at…
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS…
Microsoft to automatically roll back faulty Windows drivers
Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through…
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow…
TeamPCP hackers advertise Mistral AI code repos for sale
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data.
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain…
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively…
Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique…
18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for…
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply…
KongTuke hackers now use Microsoft Teams for corporate breaches
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to…
Dell confirms its SupportAssist software causes Windows BSOD crashes
Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user…
US charges suspected Dream Market admin arrested in Germany
The alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown,…
New Fragnesia Linux flaw lets attackers gain root privileges
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and…
West Pharmaceutical says hackers stole data, encrypted systems
West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system…
Iranian hackers targeted major South Korean electronics maker
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at…
New critical Exim mailer flaw allows remote code execution
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an…
Windows BitLocker zero-day gives access to protected drives, PoC released
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities…
Webinar tomorrow: Why security alone won't stop modern attacks
Tomorrow's webinar examines why prevention alone is no longer enough against modern cyberattacks. The session explores how…
Microsoft fixes BitLocker recovery issue only for Windows 11 users
Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April…
Microsoft fixes Windows Autopatch bug installing restricted drivers
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on…
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal…
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why…
Microsoft releases Windows 10 KB5087544 extended security update
Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and…
Windows 11 KB5089549 & KB5087420 cumulative updates released
Microsoft has released Windows 11 KB5089549 and KB5087420 cumulative updates for versions 25H2/24H2 and 23H2 to fix security…
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month.
Instructure reaches 'agreement' with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" with…
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering…