Cybersecurity

Pro versions of three ShapedPlugin WordPress extensions were backdoored after attackers hijacked the official vendor distribution channel.The injected malware steals admin credentials, 2FA codes,...

Critical vulnerabilities in the popular open-source AI platform Dify could have allowed attackers to secretly wiretap and steal AI chat conversations from other customers'...

For the first time, CSIS used its legal "threat reduction" powers to disrupt foreign state-run botnets residing on infected Canadian devices.The Federal Court authorized...

A new malware called AryStinger has infected at least 4,300 older home routers, according to research from QiAnXin's XLab.Instead of creating a typical DDoS...

A WordPress plugin flaw exposes API keys and system data on roughly 100,000 sites.The vulnerability allows unauthenticated attackers to harvest credentials for email services.Over...

A working exploit achieves arbitrary code execution within the SecureROM of Apple's A12 and A13 chips, a flaw burned into the silicon.Affected devices, including...

Security firm Klue suffered a breach via a legacy credential, allowing hackers to steal OAuth tokens and access customer data on integrated platforms.The incident...

Malicious actors are creating a "fake reputation economy" by using coordinated reviews, social media buzz, and paid news articles to promote malware.The goal is...