Skip to main content

Security News

Filter by:

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

Malicious updates available from WordPress.org create attacker-controlled admin account.
Ars Technica 25 Jun 2024 39 Views

Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details. [...]
Bleepingcomputer 23 Jun 2024 122 Views

Warning: New Adware Campaign Targets Meta Quest App Seekers

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. [...]
The Hacker News 22 Jun 2024 128 Views

ONNX phishing service targets Microsoft 365 accounts at financial firms

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments.
Bleeping Computer 19 Jun 2024 389 Views

VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.
Bleeping Computer 19 Jun 2024 509 Views

Google warns of actively exploited Pixel firmware zero-day

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. [...]
Bleepingcomputer 13 Jun 2024 474 Views

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. [...]
The Hacker News 13 Jun 2024 1025 Views

Phishing emails abuse Windows search protocol to push malicious scripts

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. [...]
Bleepingcomputer 13 Jun 2024 461 Views

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products - Bifrost GPU Kernel Driver (all versions...
The Hacker News 11 Jun 2024 2110 Views

Netgear WNR614 flaws allow device takeover, no fix available

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. [...]
Bleepingcomputer 11 Jun 2024 513 Views