WP Statistics, a plugin installed on more than 600,000 WordPress websites, has an SQL-injection security vulnerability that could let site visitors make off with all kinds of sensitive information from web databases.
Security analysts at ESET identified 158 privacy and security issues in 58 Android stalkerware apps that could lead to account and device hijacking, data manipulation, and remote code execution, among others.
Researchers claim that the Cobalt Strike penetration testing kit, along with the Metasploit framework, was abused to host over 25% of malicious C2 servers deployed in 2020. Do you have a prepared strategy to protect organizations from this threat?
Researchers uncovered new botnet malware built for DDoS attacks on gaming and other sectors. The malware operators created a Discord server and YouTube channel to demonstrate it.
In the first week of May, security researchers raised an alarm about a decade-old supply chain flaw in the PHP package manager that could have put millions of websites at risk.
The attack on the Doncaster-based insurance company came just a few days after Colonial Pipeline’s initial compromise on May 7 and one day before the ransomware gang claimed to be shutting up shop.
Microsoft notes that from December 2020 to February 2021, the Phorpiex bot loader was encountered in 160 countries, with Mexico, Kazakhstan, and Uzbekistan being the top targeted countries.
The company has confirmed that tens of thousands of customer records, including financial information, were exposed to external actors due to the Codecov supply chain breach.
Left unchecked, a BGP route hijack or leak can cause a drastic surge in misdirected internet traffic that eventually leads to global congestion and a Denial of Service (DoS).
Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and issued a claim for bitcoins in escrow at a hacker forum.