Sucuri specialists discover a new Balada Injector campaign targeting vulnerable WordPress websites, exploiting an XSS vulnerability in the Popup Builder plugin and injecting a backdoor disguised as the wp-felody.php plugin, affecting over 1 million sites.
US lawmakers, including Senators Ron Wyden and Cynthia Lummis, are urging an investigation into the recent hack of the SEC’s social media account on X platform, raising concerns about the agency’s cybersecurity measures and failure to implement multi-factor authentication.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories addressing security issues and vulnerabilities in nine industrial control systems (ICS) products used in critical infrastructure sectors, urging users and administrators to implement recommended mitigations.
German technology manufacturer Bosch successfully addresses vulnerability in smart thermostats, protecting users from potential attacks by fixing a firmware replacement vulnerability.
The Medusa ransomware group has launched a leak site and a Telegram channel to share stolen data and negotiate ransom payments, increasing their activities and posing a serious threat to cybersecurity.
GitLab has released security updates to fix two critical vulnerabilities that allow for account takeovers without user interaction by exploiting bugs in the email verification process and password reset functionality.
