I am not a robot: ClickFix used to deploy StealC and Qilin
The fake human verification process led to infostealer and ransomware infections
The fake human verification process led to infostealer and ransomware infections
Related
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. “This is due to the create_wp_connection() function missing a capability check…
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. […]
Those ‘Summarize With AI’ Buttons May Lying to You
Microsoft uncovered AI recommendation poisoning in 31 companies across 14 industries, and turnkey tools make it trivially easy to pull off.
Intergenerational Mentoring: Key to Cybersecurity’s AI Future
As threats evolve and technology changes, our ability to work together across generations will determine our success.
Commvault: Vulnerability Patch Works as Intended
The security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says.
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. “This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms,” the Microsoft Threat Intelligence team said in a Thursday report. “It employs sophisticated encryption and obfuscation