Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
Em 12 de maio de 2026, um repositório no GitHub apareceu com o código-fonte completo do Shai-Hulud, worm atribuído ao grupo TeamPCP. O repositório, já removido, incluía as frases “Love – TeamPCP” e “Change keys and C2 as needed”, conforme análise publicada em 13 de maio pelo Data…
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. [...]
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. [...]
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastruc…
Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads.
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. [...]
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. [...]
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish …
A OpenAI confirmou que dispositivos de dois funcionários foram comprometidos por um ataque de cadeia de suprimentos (supply-chain attack) que utilizou a biblioteca open source TanStack como vetor. Fornecedora da Apple, Foxconn é invadida e confirma roubo de 8 TB de dados 1 a …
Uma vulnerabilidade crítica no PAN-OS, sistema usado em firewalls da Palo Alto Networks, está sendo explorada em ataques reais para executar código arbitrário com privilégios root. A falha afeta dispositivos PA-Series e VM-Series em configurações específicas expostas a redes não …
O GitLab lançou atualizações de segurança emergenciais para corrigir múltiplas vulnerabilidades de alta severidade em suas edições Community Edition e Enterprise Edition autogerenciadas. As falhas podem permitir ataques de XSS e negação de serviço sem autenticação. As correções f…
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted …
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized mann…
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.
Ransomware Groups Claim Responsibility for Attacks on 3 Healthcare Providers The HIPAA Journal
Ransomware groups have claimed responsibility for attacks on Advanced Family Surgery Center in Tennessee, Orem Eye Clinic in Utah, and […] The post Ransomware Groups Claim Responsibility for Attacks on 3 Healthcare Providers appeared first on The HIPAA Journal.
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a …
A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.