lemmydev2

Comments

During our investigation of an SEO spam infection (spam content designed to manipulate search engine results), we discovered a nicely crafted plugin that named itself after the infected domain, helping it evade detection. While this tactic was simple, it easily blended in with other legitimate plugins, making it harder to spot during the troubleshooting process. The plugin was designed to appear harmless, with a folder name that mimicked the site’s domain. This unique customization made the plugin easy to overlook, as it appeared to be a legitimate component made specifically for the site. Continue reading Fake Spam Plugin Uses Victim’s Domain Name to Evade Detection at Sucuri Blog.

Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors' The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.…

In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.

The second max score this week for Netzilla - not a good look If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch after someone at Switchzilla made a big mistake.…

Manila-based call centre targeted in vishing attack; names, contact details and frequent flyer numbers stolen.

A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network.

More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. [...]

Not long ago, travelers worried about bad weather. Now, they’re worried the rental they booked doesn’t even exist. With AI-generated photos and fake reviews, scammers are creating fake listings so convincing, people are losing money before they even pack a bag. The FTC reported that Americans lost $274 million to vacation and travel fraud in 2024. Why travelers fall for it Travel is expensive and people are doing everything they can to find cheaper deals. … More → The post Scammers are trick­ing travelers into booking trips that don’t exist appeared first on Help Net Security.

An information-sharing system used by EU border forces to flag illegal immigrants and suspected criminals in real time was rife with software and security vulnerabilities, according to emails and confidential audit reports obtained by Bloomberg News and investigative newsroom Lighthouse Reports.

The International Criminal Court contained a “sophisticated and targeted” cybersecurity incident that it first identified last week, the organization said in a statement Monday.

The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. [...]