Category: security
Chinese government hackers allegedly spent years undetected in foreign phone networks
Security researchers Sygnia discover attack after responding to a separate incident The attack was attributed to a Chinese state-sponsored threat actor Weaver Ant group lurked for years, stealing sensitive data and moving laterally Chinese state-sponsored threat actors allegedly spent four years lurking in the IT infrastructure of a “major” Asian…
Read More
Critical security flaw in Next.js could spell big trouble for JavaScript users
Researchers spot critical vulnerability in Next.js If authorizations happen in middleware, they could be bypassed in older versions A patch, and a temporary workaround, are both available, so update now Experts have warned there is a critical severity flaw in the Next.js open source web development framework which allows threat…
Read More
Fake file converters are stealing info, pushing ransomware, FBI warns
The FBI warns about web-based file conversion projects being malicious Some are dropping malware, others stealing sensitive data FBI urges victims to report the attacks Free online file converters, joiners, and similar productivity tools are actually covers for data scraping and malware/ransomware distribution campaigns, the FBI is warning. The Bureau’s…
Read More
Coinbase targeted after recent Github attacks
Researchers claim primary target of a recent cascading supply chain attack was Coinbase The cryptocurrency exchange was not compromised, but hundreds of other projects might suffer The attack went through a GitHub Action tool The endgame of the recent cascading supply chain attack on GitHub was to breach Coinbase, one…
Read More
North Korea unveils new military unit targeting AI attacks
North Korea has established a new AI hacking department The new group will be called ‘Research Center 227’ North Korea carried out many cyber offensives in 2024, including a fake interview campaign The Democratic People’s Republic of Korea (North Korea) has established “Research Center 227” according to reports from Daily…
Read More
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
WP Ghost, a popular security plugin, carried a 9.6-severity flaw It allows threat actors to execute malicious code, remotely The developers released a patch, and users should update now WP Ghost, a popular security WordPress plugin, was carrying a vulnerability that allowed threat actors to launch Remote Code Execution (RCE)…
Read More