As many as 200,000 WordPress websites face a critical security vulnerability in the popular Ultimate Member plugin, posing a significant risk to site owners and administrators. Tracked as CVE-2023-3460 with a CVSS score of 9.8, this flaw allows attackers to…
Recently, cyber attackers have become increasingly proficient at exploiting unknown vulnerabilities and deploying innovative tactics that organizations may not anticipate. One such alarming case involves the BlackCat ransomware group, ALPHV. They have been found to operate malicious advertising (malvertising) campaigns…
In the rapidly evolving world of cyber threats, attackers are constantly finding new ways to maximize their gains with minimal effort. One such technique is proxyjacking, a method that has recently gained popularity among cybercriminals. This article aims to shed…
Charming Kitten, a nation-state actor linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), has recently enhanced its cyber arsenal with an upgraded version of the PowerStar backdoor malware. The threat actor, known for its social engineering tactics and personalized spear-phishing…
In recent reports, security researchers have unveiled an updated version of the Rustbucket malware, a sophisticated threat targeting macOS systems. This variant, attributed to the North Korean threat actor BlueNoroff, exhibits new persistence capabilities and utilizes dynamic network infrastructure to…
A new malware tool called EvilExtractor has emerged in the cybercrime world. Developed by Kodex as an “educational” tool, it was discovered by FortiGuard Labs being used as an info stealer. EvilExtractor targets Windows operating systems and extracts data and…
A recent investigation by Symantec’s Threat Hunter Team has revealed that the Lazarus hacking group, notorious for its links to North Korea, breached not just 3CX, but also two critical infrastructure organizations in the power and energy sector, and two…