WordPress force installs UpdraftPlus patch on 3 million sites
WordPress has taken the rare step of force-updating the UpdraftPlus plugin on all sites to fix a high-severity vulnerability allowing website subscribers to download the latest database backups, which often contain credentials and PII. […]
Conti ransomware gang takes over TrickBot malware operation
After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware. […]
Popular e-cigarette store was compromised to steal credit cards
BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits was serving a credit card skimmer on its live site, likely after getting hacked. Element Vape has a presence across the U.S. and Canada and sells products in both retail outlets and on their online store. […]
US says Russian state hackers breached defense contractors
Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities. […]
CISA tells agencies to patch actively exploited Chrome, Magento bugs
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. […]