1+ hour, 33+ min ago  (674+ words) These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment. The majority of internet-accessible REDCap servers are running outdated software versions, making them prime targets for state-sponsored threat actors, according to internet intelligence firm Censys. A browser-based…...

1+ day, 11+ hour ago  (629+ words) The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers. Threat actors are targeting vulnerabilities in Joomla and the Lite Speed c Panel plugin for code execution and privilege escalation. Affecting the Joomla…...

3+ day, 9+ hour ago  (698+ words) The platform used more than 9, 000 phishing sites, stealing nearly 4 million credit cards and causing roughly $1. 9 billion in losses. The FBI and Google have announced the takedown of Outsider Enterprise, a large phishing-as-a-service (Phaa S) platform that caused billions of dollars in…...

1+ week, 3+ day ago  (690+ words) The Meta-owned communications app is filing a federal court contempt order against NSO. Meta-owned communications app Whats App says it recently detected and disrupted a spear-phishing attempt linked to spyware company NSO Group. The attack is allegedly in defiance of…...

1+ week, 3+ day ago  (512+ words) The social media giant has informed authorities about the impact of the recent attack involving an account recovery support tool. Meta says roughly 20, 000 Instagram accounts may have been hacked in a recent attack abusing an AI-powered account recovery support tool....

2+ week, 7+ hour ago  (607+ words) Relying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities. A Chinese-speaking cybercrime group tracked as TA4922 has been escalating activities and expanding to new geographies, Proofpoint reports. Relying on social engineering, the hacking group…...

2+ week, 1+ day ago  (661+ words) Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites. Hundreds of thousands of websites are potentially exposed to attacks exploiting two vulnerabilities in the Kirki and Burst Statistics Word Press plugins, Defiant…...

2+ week, 1+ day ago  (676+ words) The attackers had access to a senior executive's email account for 150 days and exfiltrated data for months. Hackers gained access to the email account of a senior executive at a major global stock exchange and exfiltrated data for months. The…...

2+ week, 1+ day ago  (797+ words) The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. Known denial-of-service (Do S) techniques can be chained together in a new exploit that can knock major web servers…...

2+ week, 2+ day ago  (697+ words) A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. A critical-severity vulnerability in multiple HP Poly Voice Vo IP phone models can be exploited for remote code execution (RCE) with root privileges, allowing…...