Category: Shorts
-
WordPress Update Fixes Critical Jetpack Plugin Flaw on Millions of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation, Jetpack said in an…
-
Zyxel Devices Being Exploited by Active Mirai Botnet Variant for D
Palo Alto Networks Unit 42 has detailed a new wave of IoT-enabled DDoS attacks carried out by a botnet variant called IZ1H9 since April 2023. The intrusions leverage remote code execution flaws in internet-exposed IoT devices, including Zyxel, to ensnare them into a network…
-
N. Korean ScarCruft Hackers Exploit LNK Files to Spread Rok
ScarCruft, active since at least 2012, is a cyber espionage group that operates on behalf of the North Korean government. The group is believed to be a subordinate element within North Korea’s Ministry of State Security. Attack chains mounted by the group have leaned heavily…
-
BlackCat Ransomware Strikes Quickly and Stealthily
The threat actors behind the BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth. This new strain of the ransomware, also called ALPHV and Noberus, is the first Rust-language-based ransomware strain spotted in the wild. It also shares overlaps with the now-defunct BlackMatter…
-
How Wazuh Enhances IT Hygiene for Cyber Security Resilience
Wazuh improves an organization’s IT hygiene using several capabilities to alert administrators of vulnerabilities, suggest remediation steps, and respond to threats. The Wazuh Vulnerability Detector capability lets you discover security vulnerabilities in the operating system and applications installed on monitored endpoints. By leveraging the capabilities of…
-
PyPI malicious packages using compiled Python code to evade detection
Researchers have discovered a new attack on the Python Package Index (PyPI) repository that uses compiled Python code to sidestep detection by application security tools. The vulnerability relates to the fshec2 package and its three files -init, main, and full.pyc. PYC files are compiled bytecode…
-
Unmasking the XE Group: Experts Reveal Identity of Suspected Cybercrime
Researchers have unmasked the identity of one of the individuals believed to be associated with the e-crime actor XE Group. This group, also known as XeThanh and previously documented by Malwarebytes and Volexity, has a history of carrying out cyber criminal activities since at least…
-
Meta confirms that Quest 3 won’t replace Quest 2 for quite a while
As another data point, the latest Steam Hardware Survey shows over 45 percent of VR headset users there are connecting a Quest 2 to their gaming PC, compared to just over 2 percent using the original Quest. Won’t Meta stop supporting the…
-
iOS Zero-Click Hack with Stealthy Root-Privilege Malware
Antivirus company Kaspersky has discovered that an unknown APT is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation. The malware infects the devices with zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the…
-
Evasive QBot Malware Uses Short-lived Residential IP Addresses for Dynamic Attacks
An analysis of the evasive and tenacious malware known as QBot has revealed that 25% of its command-and-control servers are only active for a day and 50% of them don’t remain active for more than a week. The malware arrives on victims’ devices via…
