Aggregator

A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. "Typically delivered through phishing emails containing malicious attachments or links,

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The […]

A vulnerability was found in yaycommerce YaySMTP and Email Logs Plugin up to 2.6.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function wp_kses_post of the component Any SMTP Service. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-0916. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in enituretechnology Small Package Quotes Plugin up to 5.2.18 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection. The identification of this vulnerability is CVE-2024-13534. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in enituretechnology Small Package Quotes Plugin up to 1.3.5 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation of the argument edit_id leads to sql injection. This vulnerability is traded as CVE-2024-13533. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in xpeedstudio ElementsKit Elementor Addons Plugin up to 3.4.0 on WordPress and classified as critical. This vulnerability affects the function get_megamenu_content. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-0968. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in enituretechnology Small Package Quotes Plugin up to 4.3.1 on WordPress. This affects an unknown part. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-13491. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in enituretechnology LTL Freight Quotes Plugin up to 3.3.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection. This vulnerability is handled as CVE-2024-13485. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in enituretechnology LTL Freight Quotes Plugin up to 2.2.10 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection. This vulnerability is known as CVE-2024-13483. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in enituretechnology LTL Freight Quotes Plugin up to 3.3.4 on WordPress. Affected is an unknown function. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection. This vulnerability is traded as CVE-2024-13481. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in enituretechnology LTL Freight Quotes Plugin up to 3.2.4 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument dropship_edit_id/edit_id leads to sql injection. The identification of this vulnerability is CVE-2024-13479. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in enituretechnology LTL Freight Quotes Plugin up to 3.6.4 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument dropship_edit_id/edit_id leads to sql injection. This vulnerability was named CVE-2024-13478. The attack can be initiated remotely. There is no exploit available.

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.

Ghost actors conduct these widespread attacks targeting and compromising organizations with outdated versions of software and firmware on their internet facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) where available patches have not been applied to gain access to internet facing servers. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207.

CISA encourages network defenders to review this advisory and apply the recommended mitigations. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including added recommended baseline protections.

Venture capital firm Insight Partners, which counts Recorded Future, SentinelOne and Wiz in its portfolio, confirmed an intrusion into its systems via a social engineering attack

Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest. [...]

As the 2025 U.S. tax season reaches its peak, cybersecurity analysts report a dramatic escalation in phishing campaigns exploiting IRS and federal tax themes. Between January 1 and February 18, threat actors registered 158 unique domains mimicking official IRS subdomains like “irs.gov.*”, deploying advanced social engineering tactics through SMS phishing (smishing) and social media platforms. […]

The post New IRS and Tax-Themed Cyber Attacks Fueled With New Domain Registrations appeared first on Cyber Security News.