Security News

Hackers abuse WordPress MU-Plugins to hide malicious code
2025-03-31 17:06

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
2025-03-31 16:41

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp....

North Korean hackers adopt ClickFix attacks to target crypto firms
2025-03-31 15:56

The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance...

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
2025-03-31 12:04

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites....

Chinese FamousSparrow hackers deploy upgraded malware in attacks
2025-03-27 18:38

A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. [...]

The 4 WordPress flaws hackers targeted the most in Q1 2025
2025-03-27 16:29

A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. [...]

Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
2025-03-27 14:10

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's...

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
2025-03-27 10:00

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office...

StreamElements discloses third-party data breach after hacker leaks data
2025-03-26 18:42

Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. [...]

Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication
2025-03-26 18:26

CVE-2025-22230 is described as an "authentication bypass vulnerability" by Broadcom, allowing hackers to perform high-privilege operations without the necessary credentials.