According to security researchers at Defiant, malicious code injected over the past week in five WordPress plugins creates a new administrative account.

The National Institute of Standards and Technology (NIST) has launched a collaborative project to adapt its digital identity guidelines to support public benefits programs, such as those that help beneficiaries pay for food, housing, and more.

"P2PInfect" is a worm that uses the Redis in-memory database application to spread across networks in a peer-to-peer, worm-like way, building a botnet in the process.

Threat actors are using a new attack method involving specially crafted Management Saved Console (MSC) files to gain full code execution through Microsoft Management Console (MMC) and dodge security defenses.

A polyfill.io supply chain attack has affected over 100,000 websites after a Chinese company bought the domain and the script was modified to redirect users to malicious websites.

Etay Maor, Chief Security Strategist at Cato Networks, provides his insights into threat actors faking data breaches. Most likely, hackers sell fake data to make more money, according to Maor.

The Shadowserver Foundation warns that botnet attacks are exploiting a recently disclosed critical-severity vulnerability in discontinued Zyxel NAS devices. The code injection flaw can be exploited remotely without authentication.

New fraud campaigns have used the "Medusa" banking Trojan, also known as "TangleBot." Cleafy researchers recently reported that this sophisticated malware family, first discovered in 2020, has returned with significant changes.

The "Thales 2024 Cloud Security Study" found that 44 percent of organizations have had a cloud data breach, with 14 percent having experienced one in the past 12 months.

Researchers at Google's Project Zero introduced "Naptime," a framework to allow Large Language Models (LLMs) to perform vulnerability research.

Researcher Harish Santhanalakshmi Ganesan demonstrated the delivery of malware to Meta's Quest 3 headset. He took on claims that it is almost impossible to install malware on Quest 3 VR, and did it without enabling developer mode.

Indonesia’s national data center has recently been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.