Featured
Critical WordPress Security Plugin Flaw Exposes Millions of Sites to Admin Takeover
A severe vulnerability in a widely-used WordPress security plugin puts millions of websites at risk of complete administrative compromise. Site owners are urged to immediately update their plugins and audit admin accounts as researchers warn of potential unauthorized access and data exposure.
Chinese Hackers Deploy DEEPDATA Malware to Target Fortinet VPN Users
Security researchers uncover sophisticated malware operation by BrazenBamboo targeting FortiClient through an unpatched vulnerability. The attack uses a modular framework to steal VPN credentials and sensitive data, with potential links to Chinese cyber espionage activities.
EPA Report Reveals Critical Cybersecurity Gaps in US Water Infrastructure
A concerning EPA watchdog investigation has uncovered major cybersecurity vulnerabilities in drinking water systems serving 193 million Americans. The report highlights inadequate security protocols and emergency response planning, raising alarms about potential cyber attacks that could disrupt or contaminate water supplies.
New Chrome Malware Bypasses Cookie Encryption, Exposing User Data
A sophisticated new malware strain can circumvent Google Chrome's cookie encryption mechanisms, allowing cybercriminals to silently harvest sensitive login credentials and session data. The concerning development highlights vulnerabilities in browser security and prompts recommendations for enhanced user protection.
WhatsApp Zero-Day Exploit: NSO Group's Continued Attacks After Legal Battle Begins
Israeli spyware firm NSO Group allegedly exploited a new WhatsApp vulnerability in 2019, even after being sued by Meta for a previous security breach. The revelation from unsealed court documents highlights growing tensions between tech companies and surveillance software vendors while raising concerns about user privacy protection.
Malicious GitHub Commits Target Security Researcher in Identity Fraud Attack
Multiple open-source projects on GitHub were compromised by unauthorized code commits falsely attributed to security researcher Stephen Lacy. The attack exploited commit verification weaknesses to damage the researcher's reputation, prompting GitHub to investigate and the community to implement stricter authentication measures.
Chinese Hackers Infiltrate US Law Enforcement Wiretap Systems in Major Security Breach
Chinese state-sponsored hackers gained unauthorized access to sensitive US law enforcement surveillance infrastructure for months, compromising major telecom providers and exposing millions of Americans' data. The FBI and CISA identified the threat actors as 'Salt Typhoon' and are working with affected companies to strengthen defenses.
T-Mobile Hit by Data Breach in Latest Attack on Telecom Giants
T-Mobile confirms unauthorized access to its systems in a recent cybersecurity incident, marking the latest in a series of attacks targeting major telecommunications providers. The company is working with security experts and law enforcement while advising customers to change passwords and enable two-factor authentication.
Five Eyes Intelligence Agencies Expose 2023's Most Dangerous Cybersecurity Vulnerabilities
FBI, CISA, NSA and international partners reveal alarming rise in zero-day attacks among 2023's most exploited vulnerabilities. The joint report highlights critical flaws in major systems, with Citrix and Cisco vulnerabilities topping the list of threats to global infrastructure.