Critical Vulnerabilities in WordPress Anti-Spam Plugin Put 200,000 Sites at Risk
Two severe security flaws discovered in the Anti-Spam by CleanTalk WordPress plugin could allow attackers to gain unauthorized control of over 200,000 websites. The developer has released patches while security researchers implement protective measures for affected installations.
Russian Hacking Group RomCom Exploits Firefox Zero-Days in Sophisticated Attack Campaign
A Russian cybercrime group has launched major attacks across Europe and North America by exploiting critical Firefox and Tor Browser vulnerabilities. The sophisticated campaign infected systems through maliciously crafted websites, demonstrating RomCom's advanced capabilities and evolving tactics.
Critical VPN Client Vulnerabilities Allow Attackers to Deploy Malware Through Fake Servers
Security researchers have discovered severe flaws in Palo Alto Networks' GlobalProtect and SonicWall's NetExtender VPN clients that enable attackers to execute malicious code through rogue VPN servers. The vulnerabilities could allow credential theft and system compromise through unauthorized software updates with elevated privileges.
Zero-Click Attack: RomCom Hackers Chain Firefox and Windows Flaws in Sophisticated Campaign
Russian-aligned RomCom hackers exploited two zero-day vulnerabilities in Firefox and Windows to silently compromise systems across Europe and North America. The sophisticated attack required no user interaction, highlighting the growing capabilities of state-sponsored threat actors.
Ransomware Attack on Blue Yonder Cripples Major Retail Supply Chains
A devastating ransomware attack on supply chain software provider Blue Yonder has forced major retailers like Starbucks to resort to manual operations. The incident, occurring during the peak Thanksgiving period, has disrupted warehouse management and retail operations across the U.S. and UK.
BlackBasta: The Rising Ransomware Empire Filling Conti's Void
Following Conti's downfall, BlackBasta has emerged as a formidable force in Russian ransomware operations, showcasing remarkable adaptability through custom malware tools and sophisticated attack methods. The group's targeting of healthcare sectors and potential ties to state actors signal an evolving threat landscape requiring enhanced cybersecurity measures.
Hackers Exploit Avast Driver Vulnerability to Disable Antivirus Protection
Security researchers have discovered malware that hijacks Avast's anti-rootkit driver to terminate antivirus processes on infected systems. The sophisticated attack, active since 2021, targets 142 security products and uses a bring-your-own-vulnerable-driver technique to compromise system defenses.
Avast Anti-Rootkit Driver Exploited by Hackers to Disable Windows Security
Cybercriminals have discovered a way to abuse Avast's legitimate anti-rootkit driver to bypass Windows security protections and terminate antivirus processes. The 'Bring Your Own Vulnerable Driver' technique allows attackers to gain elevated system privileges by exploiting the trusted, signed driver.
IGT Gaming Giant Hit by Cyberattack, Shuts Down Systems Amid $6.3B Merger
International Game Technology (IGT), a major gambling and lottery technology provider, faces widespread disruption after a cybersecurity breach forced system shutdowns. The attack comes at a critical time as shareholders recently approved a $6.3B merger between IGT's gaming division and Everi Holdings.
IGT Hit by Major Cyber Attack Amid $4 Billion Apollo Deal
International Game Technology (IGT) was forced to shut down multiple systems after detecting unauthorized access at its Las Vegas and Providence locations. The breach coincides with IGT's pending $4.05 billion sale to Apollo Global Management, highlighting growing cybersecurity challenges in the gaming industry.