‘SessionShark’ ToolKit Evades Microsoft Office 365 MFA
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide…
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of…
Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud…
Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. “Creating…
OpenAI Operator Agent Used in Proof-of-Concept Phishing Attack
Researchers from Symantec showed how OpenAI’s Operator agent, currently in research preview, can be used to construct a basic phishing…
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security…
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six…
ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed…