Cybersecurity Articles

163/68 Friday, May 2, 2025 Security researchers from Wordfence have uncovered a new type of malware targeting WordPress websites by disguising itself as a legitimate anti-malware plugin. The malware often uses deceptive filenames such as WP-antymalwary-bot[.]php or addons[.]php, allowing it to remotely control infected sites. It remains hidden from the WordPress admin dashboard and injects […]

162/68 Thursday, May 1, 2025 France’s Ministry of Foreign Affairs issued a statement on Tuesday accusing APT28, a hacking group linked to Russia’s military intelligence agency (GRU), of carrying out cyberattacks on at least 12 organizations within France over the past four years. The ministry condemned the actions as “destabilizing and dishonorable behavior by a […]

161/68 Thursday, May 1, 2025 Google’s Threat Intelligence Group (GTIG) has released its 2024 annual report, revealing that 75 zero-day vulnerabilities were exploited in the wild—down from 98 in 2023, but still higher than the 63 reported in 2022. One key trend is the increasing focus on enterprise technologies, rather than only end-user platforms. In […]

160/68 Wednesday, April 30, 2025 Trend Research has uncovered a new advanced persistent threat (APT) group dubbed “Earth Kurma”, which is actively targeting government agencies and telecommunications organizations in the Philippines, Vietnam, Thailand, and Malaysia. The group employs custom malware, rootkits, and cloud storage services such as Dropbox and OneDrive to exfiltrate sensitive data, steal […]

159/68 Wednesday, April 30, 2025 A new study reveals that over half of mobile devices worldwide continue to run outdated operating systems, posing a significant cybersecurity risk. The 2025 Global Mobile Threat Report by cybersecurity firm Zimperium highlights a growing trend in cyberattacks targeting mobile devices and vulnerabilities in mobile applications. The report warns that […]

158/68 Tuesday, April 29, 2025 The CSIRT team at Orange Cyberdefense has reported that attackers exploited two vulnerabilities—one of them a zero-day—in Craft CMS to compromise servers and steal data. The vulnerabilities, which were actively exploited in the wild, were discovered during an incident response investigation involving a compromised client server. The two flaws include: […]

157/68 Tuesday, April 29, 2025 Cybersecurity researchers have issued a warning about a large-scale phishing campaign targeting WooCommerce plugin users by exploiting fake security alerts. The attackers are tricking website administrators into downloading a “critical patch” that instead installs a backdoor granting the attacker covert control over the site. Patchstack, a cybersecurity firm specializing in […]

156/68 Monday, April 28, 2025 MTN Group, the South African multinational telecommunications giant, has confirmed a data breach that resulted in unauthorized access to the personal information of some customers in certain countries. However, the company stated that its core network, billing systems, and financial services infrastructure were not affected and remain secure and fully […]

155/68 Monday, April 28, 2025 A recent report by the United Nations Office on Drugs and Crime (UNODC) highlights the growing reach of transnational crime syndicates operating out of Southeast Asia, running large-scale online scam centers that have evolved into a massive “cybercrime industry.” These operations generate tens of billions of dollars annually through various […]

154/68 Friday, April 25, 2025 Blue Shield of California has disclosed a data breach in which Protected Health Information (PHI) of more than 4.7 million members was inadvertently exposed to Google’s analytics and advertising platforms. The breach was due to a misconfiguration of Google Analytics on certain sections of the organization’s website. The incident occurred […]