Thousands of WordPress sites impacted by WP3.XYZ malware campaign
More than 5,000 WordPress sites worldwide have been breached to facilitate admin account creation, malicious plugin injection, and data exfiltration as part…
Category: Ransomware
Telefónica breached via infostealer, social engineering
Threat actors who infiltrated BayMark’s systems from Sep. 24 to Oct. 14 were able to steal individuals’ names, birthdates, Social…
Ransomware attack compromises OneBlood data
Unauthorized access to OneBlood’s network between July 14 and 29 resulted in the exfiltration of individuals’ names and Social Security…
Celebrity investors, creator metrics, and Chrome extension compromise – ESW #389
“Data-loss prevention startup Cyberhaven says hackers published a malicious update to its Chrome extension that was capable of stealing customer…
Data breach compromises STIIIZY customers’ data
Information compromised in the breach included not only names, birthdates, email addresses, and phone numbers, but also Social Security numbers,…
FunkSec ransomware chases notoriety with AI-assisted code
FunkSec ransomware is a relatively new ransomware-as-a-service (RaaS) group with hacktivist ties that appears to use AI to assist its…
New Banshee Stealer variant continues attacks on macOS devices
A new version of the Banshee macOS stealer was observed — the malware steals browser credentials, cryptocurrency wallets, and other…
Over 360K impacted by Medusind breach
Information compromised in the breach included not only names, birthdates, email addresses, and phone numbers, but also Social Security numbers,…
Massive T-Mobile breach prompts lawsuit from Washington state
Infiltration of the hospital’s network earlier that month resulted in the compromise of files, one of which had individuals’ names,…
Four ways to mitigate the abuse of generic top-level domains
COMMENTARY: Domain mirroring, or a domain impersonation attack, remains one of the oldest tricks in the phishing playbook. It’s when…