PythonAnywhere Cloud Platform Abused for Hosting Ransomware

/in

Razr ransomware is exploiting PythonAnywhere to distribute and encrypt files with AES-256. ANY.RUN’s analysis reveals its behaviour, C2…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Pidgin Users Beware! Malicious Plugin Discovered with Keylogger

/in

The plugin, which was added to Pidgin’s third-party plugins list on July 6th, was flagged by a user, 0xFFFC0000, on August 16th, who reported suspicious behavior, including the unauthorized capture and sharing of screenshots.

Cyware News – Latest Cyber News – ​Read More

Researchers Discover Over 20 Supply Chain Vulnerabilities in MLOps Platforms

/in

Inherent vulnerabilities stem from the underlying formats and processes of the technology, allowing attackers to exploit features like automatic code execution in ML models and certain dataset formats.

Cyware News – Latest Cyber News – ​Read More

Tech Support Scam Found Hijacking Microsoft Search Queries Through Google Ads

/in

Two deceptive campaigns were identified recently using Google ads and Microsoft’s infrastructure. The first scam involves a fake helpdesk page on Microsoft Learn whereas the second one hijacks Microsoft search queries through a Google ad.

Cyware News – Latest Cyber News – ​Read More

Identity of Notorious Hacker USDoD Revealed

/in

USDoD, the hacker known for high-profile data leaks, is a man from Brazil, according to CrowdStrike and others.

The post Identity of Notorious Hacker USDoD Revealed appeared first on SecurityWeek.

SecurityWeek – ​Read More

Seattle Airport Blames Outages on Potential Cyberattack

/in

The Port of Seattle, including the SEA Airport, is experiencing system outages likely caused by a cyberattack.

The post Seattle Airport Blames Outages on Potential Cyberattack appeared first on SecurityWeek.

SecurityWeek – ​Read More

Researchers Discover Several Potential Attack Vectors in Bicycles With Shimano Di2 Wireless Gear-Shifting System

/in

Researchers found a vulnerability in the Shimano Di2 system’s proprietary protocol, making it susceptible to a replay attack. They demonstrated that an attacker could intercept and replay commands using off-the-shelf software-defined radio.

Cyware News – Latest Cyber News – ​Read More

Google Warns of Exploited Chrome Vulnerability

/in

Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.

The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek.

SecurityWeek – ​Read More

Centreon Issues Critical Security Update to Fix SQL Injection Vulnerabilities That Threaten IT Monitoring

/in

These vulnerabilities, known as CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854, CVE-2024-5725, and CVE-2024-39841, pose a significant risk to organizations relying on Centreon for IT infrastructure monitoring.

Cyware News – Latest Cyber News – ​Read More

Critical SSTI Flaw in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks

/in

This vulnerability allows authorized users to inject and execute malicious code through the plugin’s shortcode feature, potentially leading to data theft and website takeover.

Cyware News – Latest Cyber News – ​Read More