RomCom malware spread via Google Ads for ChatGPT, GIMP, more

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers. [...]

https://www.bleepingcomputer.com/news/security/romcom-malware-spread-via-google-ads-for-chatgpt-gimp-more/

 Microsoft finds macOS bug that lets hackers bypass SIP root restrictions

Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-finds-macos-bug-that-lets-hackers-bypass-sip-root-restrictions/

Latest news and stories from BleepingComputer.com
Barracuda zero-day abused since 2022 to drop new malware, steal data

Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data. [...]

Latest news and stories from BleepingComputer.com
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. [...]

Latest news and stories from BleepingComputer.com
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions

Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks. [...]

Latest news and stories from BleepingComputer.com
RomCom malware spread via Google Ads for ChatGPT, GIMP, more

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers. [...]

 WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-gravity-forms-vulnerable-to-php-object-injection/

 Barracuda zero-day abused since 2022 to drop new malware, steal data

Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data. [...]

https://www.bleepingcomputer.com/news/security/barracuda-zero-day-abused-since-2022-to-drop-new-malware-steal-data/

 WordPress force installs critical Jetpack patch on 5 million sites

Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in. [...]

https://www.bleepingcomputer.com/news/security/wordpress-force-installs-critical-jetpack-patch-on-5-million-sites/

Latest news and stories from BleepingComputer.com
WordPress force installs critical Jetpack patch on 5 million sites

Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in. [...]

Latest news and stories from BleepingComputer.com
Stealthy SeroXen RAT malware increasingly used to target gamers

A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities. [...]

 Dark Pink hackers continue to target govt and military organizations

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam. [...]

https://www.bleepingcomputer.com/news/security/dark-pink-hackers-continue-to-target-govt-and-military-organizations/

 7 Stages of Application Testing: How to Automate for Continuous Security

There are seven main stages of a complex pen testing process that must be followed in order to effectively assess an application's security posture. Learn more from OutPost24 about these stages and how PTaaS can find flaws in web applications, [...]

https://www.bleepingcomputer.com/news/security/7-stages-of-application-testing-how-to-automate-for-continuous-security/

 Toyota finds more misconfigured servers leaking customer info

Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years. [...]

https://www.bleepingcomputer.com/news/security/toyota-finds-more-misconfigured-servers-leaking-customer-info/

 Stealthy SeroXen RAT malware increasingly used to target gamers

A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities. [...]

https://www.bleepingcomputer.com/news/security/stealthy-seroxen-rat-malware-increasingly-used-to-target-gamers/

Latest news and stories from BleepingComputer.com
Toyota finds more misconfigured servers leaking customer info

Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years. [...]

Latest news and stories from BleepingComputer.com
7 Stages of Application Testing: How to Automate for Continuous Security

There are seven main stages of a complex pen testing process that must be followed in order to effectively assess an application's security posture. Learn more from OutPost24 about these stages and how PTaaS can find flaws in web applications, [...]

Latest news and stories from BleepingComputer.com
Dark Pink hackers continue to target govt and military organizations

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam. [...]

 Hackers exploit critical Zyxel firewall flaw in ongoing attacks

Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-zyxel-firewall-flaw-in-ongoing-attacks/

 Terminator antivirus killer is a vulnerable Windows driver in disguise

A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace). [...]

https://www.bleepingcomputer.com/news/security/terminator-antivirus-killer-is-a-vulnerable-windows-driver-in-disguise/

 Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image

Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies. [...]

https://www.bleepingcomputer.com/news/security/kali-linux-20232-released-with-13-new-tools-pre-built-hyperv-image/