web hacks
Tens of thousands WordPress sites defaced, SEO spam to follow
Attackers are actively exploiting the recently patched unauthenticated privilege escalation vulnerability in WordPress’ REST API to deface websites. Sucuri, the company …
6000+ compromised online shops – and counting
A week ago, RiskIQ researchers revealed that over 100 online shops have, at one point in the last six months, been injected with malicious JavaScript code that exfiltrates …
100+ online shops compromised with payment data-stealing code
Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates …
Phineas Fisher records, publishes latest attack
Phineas Fisher, the hacker behing the Gamma International and Hacking Team breaches and data leaks, is at it again. This time his target was Sindicat de Mossos …
The gravest dangers for CMS-based websites
Over a third of all websites on the Internet are powered by one of these four key open source platforms: WordPress, Joomla!, Drupal and Magento. This makes the life of …
Solutions for the hijacked websites problem
According to a group of researchers from Google and University of California Berkeley, roughly 16,500 new sites get hijacked each week and start serving drive-by-malware or …
Hack the Pentagon: Hackers asked to help secure public-facing systems
The US Department of Defense (DoD) has invited hackers participate in “Hack the Pentagon”, a program aimed at finding vulnerabilities in some of the …
CTB Locker ransomware now also encrypts websites
The well-known crypto ransomware CTB Locker is back. After a considerable slowdown in distribution, it is being pushed onto users again, and this time its executable has been …
Linux Mint hack: Backdoored ISOs, stolen forums database
The web properties of the project developing Linux Mint have been compromised, and the attacker managed to put up a backdoored version of the distro for download for a little …
UK job recruiters network hit by hacker, user info dumped online
TEAM (The Employment Agents Movement), the largest network of independent recruiters in the UK, has been hit by a Saudi Arabian hacker that goes by the online handle JM511.The …
Best practice application security: Does it exist?
Unfortunately and unsurprisingly, website breaches have become an everyday occurrence. In fact, hacked websites have become so common that typically only the biggest data …
TV5Monde makes new security blunders in wake of hack
Last week’s hack attack against TV5Monde resulted in the compromise of its website, social media accounts, the outage of its email server, and a temporary program …
Featured news
Resources
Don't miss
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests
- Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
- Hackers pose as employers to steal crypto, login credentials
- Unknown and unsecured: The risks of poor asset visibility