-
Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.
- June 25, 2024
- 03:25 PM
2
-
Russian Sandworm hackers targeted 20 critical orgs in Ukraine
Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA).
- April 22, 2024
- 08:30 AM
0
-
Intel and Lenovo servers impacted by 6-year-old BMC flaw
An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo.
- April 11, 2024
- 12:50 PM
- 0
-
Red Hat warns of backdoor in XZ tools used by most Linux distros
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
- March 29, 2024
- 01:50 PM
- 2
-
Sponsored Content
Ransomware Groups, Targeting Preferences, and the Access Economy
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.
- February 20, 2024
- 10:01 AM
- 0
-
North Korean hackers linked to defense sector supply-chain attack
In an advisory today Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government.
- February 19, 2024
- 03:24 PM
- 0
-
Ledger dApp supply chain attack steals $600K from crypto wallets
Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs.
- December 14, 2023
- 11:22 AM
- 0
-
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
- November 24, 2023
- 12:28 PM
- 0
-
Hackers breach healthcare orgs via ScreenConnect remote access
Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool.
- November 10, 2023
- 02:57 PM
- 0
-
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer.
- October 27, 2023
- 12:15 PM
- 0
-
Free Download Manager releases script to check for Linux malware
The developers of Free Download Manager (FDM) have published a script to check if a Linux device was infected through a recently reported supply chain attack.
- September 20, 2023
- 03:02 PM
- 0
-
Free Download Manager site redirected Linux users to malware for years
A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.
- September 12, 2023
- 11:25 AM
- 5
-
Carderbee hacking group hits Hong Kong orgs in supply chain attack
A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware.
- August 22, 2023
- 06:00 AM
- 0
-
Rust devs push back as Serde project ships precompiled binaries
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. This has generated a fair amount of concern among some developers who highlight the future legal and technical issues this may pose, along with a potential for supply chain attacks.
- August 19, 2023
- 09:55 AM
- 0
-
Amazon AWS distances itself from Moq amid data collection controversy
Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer.
- August 11, 2023
- 10:04 AM
- 2
-
Popular open source project Moq criticized for quietly collecting data
Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Moq's 4.20.0 release from this week included another project, SponsorLink, which caused an uproar among open source software consumers, who likened the move to a breach of trust.
- August 09, 2023
- 01:42 PM
- 4
-
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users.
- June 22, 2023
- 11:45 AM
- 0
-
PyPI announces mandatory use of 2FA for all software publishers
The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year.
- May 28, 2023
- 10:09 AM
- 0
-
Lazarus hackers now push Linux malware via fake job offers
A new Lazarus campaign considered part of "Operation DreamJob" has been discovered targeting Linux users with malware for the first time.
- April 20, 2023
- 11:43 AM
- 0
-
Hackers compromise 3CX desktop app in a supply chain attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.
- March 29, 2023
- 06:46 PM
- 0
0
-
Remove the Theonlinesearch.com Search Redirect
Filed Under: Adware -
Remove the Smartwebfinder.com Search Redirect
Filed Under: Adware -
How to remove the PBlock+ adware browser extension
Filed Under: Adware -
Remove the Toksearches.xyz Search Redirect
Filed Under: Adware -
Remove the Smashapps.net Search Redirect
Filed Under: Adware
-
Version: 5.1.5.1165M+ Downloads
-
Version: 1.33.07554,224 Downloads
-
Version: 0.8141,953 Downloads
-
Version: NA103,249 Downloads
-
Version: NA150,238 Downloads
