Security News

Filter by:

Hackers exploit Four-Faith router flaw to open reverse shells

Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers.
Bleeping Computer 31 Dec 2024 344 Views

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and...
The Hacker News 30 Dec 2024 1847 Views

It's only a matter of time before LLMs jump start supply-chain attacks

'The greatest concern is with spear phishing and social engineering' Interview  Now that criminals have realized there's no need to train their own LLMs for any nefarious purposes - it's much cheaper and easier to steal credentials and then jailbreak existing ones - ...
The Register 30 Dec 2024 1120 Views

Premium WPLMS WordPress plugins address seven critical flaws

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. [...]
Bleepingcomputer 24 Dec 2024 969 Views

Google Chrome uses AI to analyze pages in new scam detection feature

Google is using artificial intelligence to power a new Chrome scam protection feature that analyzes brands and the intent of pages as you browse the web. [...]
Bleepingcomputer 21 Dec 2024 1020 Views

US Ban on TP-Link Routers More About Politics Than Exploitation Risk

While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing. [...]
Dark Reading 21 Dec 2024 934 Views

HubSpot phishing targets 20,000 Microsoft Azure accounts

A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials.
Bleeping Computer 19 Dec 2024 1368 Views

Ongoing phishing attack abuses Google Calendar to bypass spam filters

An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters.
Bleeping Computer 19 Dec 2024 1374 Views

Critical security hole in Apache Struts under exploit

You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2, patched last week, is now being exploited using publicly available proof-of-concept (PoC) code.…
The Register 18 Dec 2024 3723 Views

New fake Ledger data breach emails try to steal crypto wallets

A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. [...]
Bleepingcomputer 18 Dec 2024 1321 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY