Skip to main content

Security News

Filter by:

CISA warns of critical Oracle, Mitel flaws exploited in attacks

CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. [...]
Bleepingcomputer 8 Jan 2025 1828 Views

MediaTek rings in the new year with a parade of chipset vulns

Manufacturers should have had ample time to apply the fixes MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets.…
The Register 6 Jan 2025 7921 Views

Windows 10 users urged to upgrade to avoid "security fiasco"

​Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. [...]
Bleepingcomputer 6 Jan 2025 1645 Views

Cryptocurrency wallet drainers stole $494 million in 2024

Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. [...]
Bleepingcomputer 5 Jan 2025 1626 Views

Hackers exploit Four-Faith router flaw to open reverse shells

Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers.
Bleeping Computer 31 Dec 2024 1937 Views

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and...
The Hacker News 30 Dec 2024 13154 Views

It's only a matter of time before LLMs jump start supply-chain attacks

'The greatest concern is with spear phishing and social engineering' Interview  Now that criminals have realized there's no need to train their own LLMs for any nefarious purposes - it's much cheaper and easier to steal credentials and then jailbreak existing ones - ...
The Register 30 Dec 2024 6522 Views

Premium WPLMS WordPress plugins address seven critical flaws

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. [...]
Bleepingcomputer 24 Dec 2024 2212 Views

Google Chrome uses AI to analyze pages in new scam detection feature

Google is using artificial intelligence to power a new Chrome scam protection feature that analyzes brands and the intent of pages as you browse the web. [...]
Bleepingcomputer 21 Dec 2024 2145 Views

US Ban on TP-Link Routers More About Politics Than Exploitation Risk

While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing. [...]
Dark Reading 21 Dec 2024 1887 Views