A security flaw in the WordPress LiteSpeed Cache plugin (CVE-2024-47374, CVSS 7.2) has been discovered, potentially allowing attackers to take control of websites by injecting malicious JavaScript through a stored cross-site scripting (XSS) vulnerability. This affects plugin versions up to 6.5.0.2, which powers over six million sites. The vulnerability occurs when the “CSS Combine” and “Generate UCSS” settings… Read More »
The new Linux malware “Perfctl” is targeting millions of servers globally by mimicking legitimate system files to evade detection. Discovered by Aqua Nautilus, the malware exploits misconfigurations and vulnerabilities, primarily for cryptomining and hijacking system resources. It has been active for several years but recently gained attention after attacking a honeypot.
In response to the U.S. government’s ban on Kaspersky products, the Russian cybersecurity firm has automatically replaced its antivirus software on American computers with UltraAV, without prior warning. The sudden switch occurred through an automatic update on September 19, 2024, following Kaspersky’s inclusion on the U.S. Entity List due to national security concerns.
US cybersecurity officials are urging millions of Americans to update their Apple devices immediately to avoid potential hacking threats.
Act quickly to retain ownership of your aging Google accounts. Commencing this week, on December 1, Google is set to eliminate inactive accounts, erasing all associated content, including Gmail messages, Photos, Calendar events, Contacts records, YouTube videos, and Drive documents.
Threat actors are capitalizing on undisclosed vulnerabilities in select routers and network video recorder (NVR) devices to construct a Mirai-based distributed denial-of-service (DDoS) botnet known as InfectedSlurs.
The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) jointly warned about the North Korea-linked Lazarus hacking group exploiting a zero-day vulnerability in the MagicLine4NX software, developed by South Korean company Dream Security. This joint certificate program, facilitating logins and digital transactions, has become a target for supply-chain attacks.
Fidelity National Financial (FNF), a Fortune 500 insurance company, has officially acknowledged falling victim to a cybersecurity incident, as reported in an 8-K filing with the Securities and Exchange Commission (SEC). The company disclosed the forced shutdown of several systems, affecting key services related to title insurance, escrow, mortgage transactions, and technology for the real estate and mortgage… Read More »
Jump Trading Group has reportedly distanced itself from Wormhole, a crypto project under its crypto investing arm, as part of its broader retreat from the unpredictable digital-assets market.
Malicious actors have capitalized on Ethereum’s ‘Create2’ function to elude wallet security alerts, resulting in the pilfering of $60 million from 99,000 individuals within six months, as revealed by Web3 anti-scam experts at ‘Scam Sniffer.’