Security News

A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. Wpeeper stands out for its novel use of compromised WordPress sites to act as relays for its actual command and control servers, acting as an evasion mechanism.

The ransomware attack on Change Healthcare occurred in late February 2024, leading to severe operational disruptions on Optum's Change Healthcare platform. The healthcare org recently admitted that it paid a ransom to protect people's data post-compromise, but no details about the attack or who carried it out were officially disclosed.

Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March. The company said the attackers used login information stolen from other online platforms to breach as many active Roku accounts as possible in credential stuffing attacks.

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. The Spa Gran Prix is a Formula 1 World Championship race held at the Circuit de Spa-Francorchamps in Stavelot, Belgium.

The International Monetary Fund disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. The IMF has found no evidence that the attackers gained access to other systems or resources outside of the breached email accounts.

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. On Friday, Roku first disclosed the data breach, warning that 15,363 customer accounts were hacked in a credential stuffing attack.

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of...

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. They then hack X accounts, create YouTube videos, or take out Google and X advertisements to promote the sites and steal visitor's cryptocurrency.

The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense and stole sensitive documents. Software used by the Russian Ministry of Defense for protecting and encrypting data.