admin

Two significant security vulnerabilities in the popular Woffice WordPress theme that could allow attackers to gain unauthorized control or access have been patched. The Woffice theme, a premium product developed by Xtendify with over 15,000 sales, provides team and project management functionality for WordPress.  According to a report by Patchstack, the first vulnerability is a privilege

Russian state threat actor Secret Blizzard has leveraged resources and tools used by other cyber groups to support the Kremlin’s military efforts in Ukraine, according to Microsoft. These campaigns have consistently led to the download of Secret Blizzard’s custom malware on devices associated with the Ukrainian military. The analysis is the second part of research

A significant cyber operation exploiting vulnerabilities in improperly configured public websites has been linked to the Nemesis and ShinyHunters hacking groups, exposing sensitive data, including customer information, infrastructure credentials and proprietary source code. According to independent cybersecurity researchers Noam Rotem and Ran Locar, the attackers orchestrated a large-scale internet scan targeting vulnerable endpoints within Amazon Web Services

A federal appeals court has upheld a law that could see TikTok banned across the US unless its Chinese parent company, ByteDance, divests its ownership. The decision was issued by a three-judge panel from the US Court of Appeals for the District of Columbia Circuit on Friday, marking a significant setback for the video-sharing platform

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish the data it had stolen earlier this week. However, despite the claims, a Deloitte spokesperson told Infosecurity that its investigation indicates that the allegations relate to a single client’s system which sits outside of the Deloitte network. “No Deloitte systems have

A propaganda campaign conducted primarily on TikTok boosted a far-right candidate who topped the votes in the first round of Romania’s presidential election, according to Romanian authorities. Cǎlin Georgescu, a far-right candidate with pro-Kremlin views, was predicted to receive minimal support in the country’s presidential election, with only 1% of the vote in pre-election polls

The US Federal Communications Commission (FCC) is looking to expanding cybersecurity requirements for US telecommunications firms following the Salt Typhoon cyber-attack which impacted at least eight US communications firms. As part of its “decisive action” the FCC has released a Notice of Rulemaking in which communications firms could be subject to an annual certification requirement

Two severe vulnerabilities in Veeam Service Provider Console (VSPC) software have been patched, including one with a near-maximum CVSS score of 9.9. The issues, designated as CVE-2024-42448 and CVE-2024-42449, were identified during internal testing by Veeam. Both flaws pose significant risks to system integrity, requiring immediate attention from affected service providers. Details of the Vulnerabilities

The Federal Trade Commission (FTC) has banned data brokers Gravy Analytics and Mobilewalla from collecting, using or selling sensitive location data that reveals Americans’ visits to places like healthcare facilities, military bases and religious institutions. The settlements, announced on Tuesday, also require both companies to delete previously collected data and impose strict controls to prevent future

Houston-based ENGlobal Corporation, a contractor specializing in engineering and automation services for the energy sector and US government, announced Monday that a ransomware attack has disrupted its operations. The company disclosed the incident on Monday in aregulatory filing with the US Securities and Exchange Commission (SEC). The breach was identified on November 25 2024, prompting ENGlobal

A new report by a French government agency has accused Azerbaijan of manipulating online users in France’s overseas constituencies and Corsica. In a new report published on December 2, France’s technical agency responsible for monitoring foreign digital interference, VIGINUM, released findings about the Baku Initiative Group (BIG), a state-sponsored organization based in Azerbaijan. From July

UK cybercrime victims are being failed by the justice system, with perpetrators hardly ever facing charges and convictions, according to a report by The Cyber Helpline, a charity supporting individuals impacted by cybercrime and other online harms. The analysis The Funnel of Justice, found that victims of cybercrime in England and Wales are seven-times less

Romania’s national security council has warned that cyber-attacks are being used to influence the fairness of the country’s live presidential election. The Supreme Council of National Defense revealed it was presented with assessments on the actions of state and non-state cyber actors targeting election infrastructure and processes in a meeting on Thursday, November 28. While

An infamous ransomware group has claimed to have compromised sensitive data from a children’s hospital in Liverpool, UK. On November 28, INC Ransom posted on its data leak site that it has obtained large-scale data patient records, donor reports and procurement data for 2018-2024 from Alder Hey Children’s NHS Foundation Trust. The Trust quickly acknowledged

A new cyber-attack technique leveraging the Godot Gaming Engine to execute undetectable malware has been reported by Check Point Research. Using maliciously crafted GDScript code, threat actors deployed malware via “GodLoader,” bypassing most antivirus detections and infecting over 17,000 devices since June 2024. In a statement, the Godot security team said, “Based on the report, affected users