Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly exploited in decades past. XSS is short for cross-site scripting. Vulnerabilities result from programming errors found in webserver software that, when exploited, allow attackers to… Read More »
Getty Images reader comments 11 with A relentless team of pro-Russia hackers has been exploiting a zero-day vulnerability in widely used webmail software in attacks targeting governmental entities and a think tank, all in Europe, researchers from security firm ESET said on Wednesday. The previously unknown vulnerability resulted from a critical cross-site scripting error in… Read More »
reader comments 16 with Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available… Read More »
reader comments 104 with 81 posters participating Share this story A crime forum is holding a quasi-judicial proceeding against the makers of DarkSide, the ransomware that shut down Colonial Pipeline two weeks ago, to hear claims from former affiliates who say the makers skipped town without paying. Or at least that’s what members of crime… Read More »
Getty Images reader comments 40 with 25 posters participating Share this story Cisco has patched its Jabber conferencing and messaging application against a critical vulnerability that made it possible for attackers to execute malicious code that would spread from computer to computer with no user interaction required. Again. The vulnerability, which was first disclosed in… Read More »