Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. “Creating…
OpenAI Operator Agent Used in Proof-of-Concept Phishing Attack
Researchers from Symantec showed how OpenAI’s Operator agent, currently in research preview, can be used to construct a basic phishing…
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security…
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six…
ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed…
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee…
Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. “Once deployed, the…
Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible…