Thousands of WordPress sites impacted by WP3.XYZ malware campaign
More than 5,000 WordPress sites worldwide have been breached to facilitate admin account creation, malicious plugin injection, and data exfiltration as part…
Author: tuffbrownboy
Telefónica breached via infostealer, social engineering
Threat actors who infiltrated BayMark’s systems from Sep. 24 to Oct. 14 were able to steal individuals’ names, birthdates, Social…
Allstate car insurer sued for tracking drivers without permission
Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using,…
January Windows updates may fail if Citrix SRA is installed
Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent…
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal…
US govt says North Korea stole over $659 million in crypto last year
North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint…
Windows 10 KB5049981 update released with new BYOVD blocklist
Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel…
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
Tag CVE ID CVE Title Severity .NET CVE-2025-21171 .NET Remote Code Execution Vulnerability …
Windows 11 KB5050009 & KB5050021 cumulative updates released
Microsoft has released the Windows 11 KB5050009 and KB5050021 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities…
Google OAuth flaw lets attackers gain access to abandoned accounts
A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to…