Security News

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. They then hack X accounts, create YouTube videos, or take out Google and X advertisements to promote the sites and steal visitor's cryptocurrency.

The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense and stole sensitive documents. Software used by the Russian Ministry of Defense for protecting and encrypting data.

The U.S. Cybersecurity and Infrastructure Security Agency revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. The authoring organizations encourage network defenders to assume that user and service account credentials stored within the affected Ivanti VPN appliances are likely compromised, hunt for malicious activity on their networks using the detection methods and indicators of compromise within this advisory, run Ivanti's most recent external ICT, and apply available patching guidance provided by Ivanti as version updates become available.

The U.S. Cybersecurity and Infrastructure Security Agency revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. CISA found that the Ivanti ICT failed to detect compromise while investigating multiple hacking incidents involving hacked Ivanti appliances.

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. This vulnerability allegedly enables potential attackers to control any Anycubic 3D printer affected by this vulnerability using the company's MQTT service API. The file received by the impacted devices also asks Anycubic to open-source their 3D printers because the company's software "Is lacking."

Epic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers. "We are investigating but there is currently zero evidence that these claims are legitimate," Epic Games told BleepingComputer in a statement.

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government.

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.

The Information Technology Industry Council, which represents a laundry list of heavy hitters, expressed dissatisfaction over the proposed reporting rules, describing them as adding "Another hue of color to the kaleidoscope of incident reporting regimes" being passed by the US federal government of late. ITIC said the eight-hour reporting requirement was "Unduly burdensome and inconsistent" with other reporting rules, adding that the 72-hour update period "Does not reflect the shifting urgency throughout an incident response."

AnyDesk Software GmbH, the German company behind the widely used remote desktop application of the same name, has confirmed they've been hacked and their production systems have been compromised.The statement was published on Friday evening and lacks technical details about the breach.