100,000 web shops open to compromise as attackers exploit Magento bug
A critical vulnerability found in Magento, the most popular content management system for e-commerce sites, is being exploited by hackers to get their hands on users’ …
Russian APT group actively exploiting Flash, Windows 0-day flaws
APT28, believed to consist of Russian hackers, has been spotted wielding two zero-day exploits in the latest targeted attack aimed at an “international government entity …
Attackers actively downing Microsoft’s IIS web servers
Attackers are actively exploiting a DoS vulnerability (CVE-2015-1635) affecting Microsoft’s Internet Information Services (IIS) extensible web server, SANS ISC CTO …
Exploit for crashing Minecraft servers made public
After nearly two years of waiting for Mojang to fix a security vulnerability that can be used to crash Minecraft servers, programmer Ammar Askar has released a proof of …
Adobe fixes Flash Player zero-day exploited in the wild
Adobe released a new version of Flash Player (17.0.0.169) for Windows and Macintosh, and for Linux (11.2.202.457). These security updates fix a host of critical …
122 online forums compromised to redirect visitors to Fiesta exploit kit
Over a hundred forum websites have been compromised and injected with code that redirects users to sites hosting the Fiesta exploit kit, Cyphort researchers have found. These …
Large malvertising campaign linked to potentially compromised Google ad reseller
Dutch infosec firm Fox IT has spotted a lage scale malvertising campaign that seems to originate from Bulgarian Google ad reseller EngageLab. The first redirection has been …
WordPress sites compromised to redirect to Pirate Bay clone, exploit kit
Malwarebytes researchers have spotted another malware delivery campaign that uses compromised WordPress sites to redirect users to a page hosting an exploit kit. The total …
Xtube visitors redirected to exploit kit landing page
Popular adult site Xtube has been compromised to redirect visitors to sites hosting an exploit kit. “Unlike other attacks we have seen in recent times, this one does not …
Multifunctional Vawtrak malware now updated via favicons
The Vawtrak (aka Snifula) multifunctional malware has been around since mid-2013. Its information-stealing, backdoor and spying capabilities deservedly earned it the …
WordPress plugin used by millions sports critical site-hijacking flaw
Another popular Yoast WordPress plugin has been found sporting a critical vulnerability that can be exploited by attackers to take over control of the site. A week ago it was …
Exploit kits in 2015: What can we expect?
Since 2006, when the earliest exploit kit (WebAttacker) was made available in the crimeware market, these hack toolkits have become one of the preferred ways for cybercrooks …
Featured news
Sponsored
Don't miss
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints