Author Info

Two critical vulnerabilities in the popular WordPress plugin "Spam Protection, Anti-Spam, and FireWall" have been identified, potentially affecting more than 200,000 sites. These flaws could allow attackers to install and activate malicious plugins, leading to remote code execution. CVE-2024-10542 and CVE-2024-10781 Both vulnerabilities hold a CVSS severity

The Python Package Index (PyPI) maintainers have quarantined the "aiocpa" library after discovering its latest update contained malicious code designed to steal private keys through a Telegram bot. Package Details "aiocpa" is recognized as a synchronous and asynchronous Crypto Pay API client, with its initial release

Microsoft is advancing its commitment to passwordless security by testing updates to the WebAuthn API that will allow third-party passkey providers to authenticate on Windows 11. This development enhances the existing Windows Hello experience by integrating alternative biometric authentication options, such as facial recognition and fingerprints, which offer stronger security

Recent findings reveal that cybercriminals are exploiting an outdated Avast Anti-Rootkit driver to bypass security systems by disabling critical defense mechanisms. This approach allows threat actors to gain control of targeted computers, putting sensitive data and systems at risk. Malware Tactics The attack utilizes a variant of an AV Killer,

The European Union is on the cusp of formally appointing a new team of 26 commissioners tasked with executing President Ursula von der Leyen's policy agenda for the next five years. While the final vote is expected next week, it appears highly likely that the new European Commission

Researchers from Microsoft have uncovered that a North Korean hacking group, known as Sapphire Sleet, has pilfered over $10 million in cryptocurrency through an elaborate LinkedIn-driven social engineering scheme. Over six months, operatives associated with the hermit nation executed operations leveraging fake LinkedIn profiles while pretending to be both recruiters

A recent data breach involving the UK Ministry of Justice has exposed sensitive prison layouts on the dark web, sparking significant security concerns. Over the past fortnight, plans of prisons in England and Wales have reportedly been leaked, as revealed by *The Times*. The breach affects confidential layouts from various

Microsoft has launched a much-debated feature, Recall, to Windows Insiders participating in the Dev Channel. This AI-enhanced tool is initially available for PCs powered by Snapdragon processors equipped with Copilot+. The release marks a significant step in Microsoft's strategy to integrate advanced AI functionalities into its operating systems.

Russian APT28 Hackers Exploit US Company Wi-Fi from Afar In a remarkable demonstration of their capabilities, Russian cyber espionage group APT28, also known as Fancy Bear and linked to Russia's military intelligence agency GRU, successfully infiltrated a U.S. company's Wi-Fi network from a distant location.