A new malware campaign called “EtherHiding” has emerged, using BSC contracts to host parts of a malicious code chain. The campaign starts by hijacking WordPress sites and tricking users into downloading fake browser updates that are actually malware.

Six high-severity vulnerabilities, including five that can be exploited remotely, have been addressed by the patches, which could potentially lead to denial of service (DoS) attacks.

Through its Ransomware Vulnerability Warning Pilot (RVWP) program, the CISA has released two new resources to help identify and fix vulnerabilities exploited by ransomware groups.

Conveyor, a startup using large language models (LLMs) like OpenAI’s ChatGPT, has raised $12.5 million in funding led by Cervin Ventures to automate the security review response process for companies.

The website bug allowed unauthorized access to land deed records by guessing sequential application numbers, highlighting the lack of robust security measures on the website.

Void Rabisu employs various tactics, such as signing malware with bought certificates, using malicious advertisements, and exploiting vulnerabilities, including zero-day vulnerabilities.

A new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below) has been discovered by the Patchstack team. The vulnerability has been assigned CVE-2023-45603.

The State Department has undergone a significant cybersecurity overhaul, prioritizing a zero-trust security architecture and implementing key performance indicators and guidance from various federal agencies.

The Vietnamese government is suspected of being behind a targeted campaign using social media to spread links containing commercial spyware, with potential targets including members of the U.S. Congress and European officials.

Cybersecurity has become a top concern for small and medium enterprises (SMEs) and nearly half (48%) of SMEs have experienced at least one cyber incident in the past year, according to a survey from Sage.