Security Affairs.
- Get link
- X
- Other Apps
"Attackers actively exploit critical zero-day in Alone WordPress Theme.'
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 03 August 2025, 1448 UTC.
Content and Source: Email subscription via https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
48
Most popular
IoC > 2 IPs
87by Pierluigi Paganini / 2d
•2 TTPs
Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites. Threat actors are actively exploiting a critical flaw, tracked as CVE-2025-5394 (CVSS score of 9.8), in the “ Alone – Charity Multipurpose Non-profit WordPress Theme ” to compromise websites. On May 30th, 2025, security researcher Thái An reported the bug via WordP
7 TTPs
by Pierluigi Paganini / 1h
•Akira ransomware targets SonicWall VPN
Akira ransomware targets fully patched SonicWall VPNs in suspected zero-day attacks, with multiple intrusions seen in late July 2025. Arctic Wolf Labs researchers reported that Akira ransomware is exploiting SonicWall SSL VPNs in a likely zero-day attack, targeting even fully patched devices. Arctic Wolf Labs observed multiple intrusions via VPN access in late July 2025. Evidence suggests a likel
by Pierluigi Paganini / 1h
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Endgame Gear mouse config tool infected users with malware Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal Decrypted: FunkSec Ransomware Threat actor use
Yesterday
by Pierluigi Paganini / 5h
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New Linux backdoor Plague bypasses auth via malicious PAM module China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions Malicio
7 TTPs
51by Pierluigi Paganini / 15h
•Undetectable Linux backdoor exploits PAM
A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module (
Nvidia H20 demand exceeds supply
by Pierluigi Paganini / 16h
China questioned Nvidia over suspected backdoors in its H20 chips, adding to rising tensions in the tech fight between the U.S. and Beijing. China’s internet watchdog has summoned Nvidia over concerns that its H20 AI chips may contain hidden backdoors. Nvidia H20 chips are AI GPUs tailored for the Chinese market, based on Hopper architecture. They deliver strong AI performance but with reduced fe
Aug 1, 2025
11 TTPs
by Pierluigi Paganini / 1d
•AI malware drains cryptocurrency funds
AI-generated npm package @kodane/patch-manager drained Solana wallets; 1,500+ downloads before takedown on July 28, 2025. AI-generated npm package @kodane/patch-manager was flagged for hiding malicious software to drain Solana wallets. The package was uploaded on July 28, 2025, and it was downloaded more than 1,500 times before takedown. “The package @kodane/patch-manager, is a sophisticated cryp
by Pierluigi Paganini / 1d
Meta backs Pwn2Own Ireland 2025 in Cork, offering up to $1M for WhatsApp exploits; targets include phones and wearables, Oct 21–24 via Zero Day Initiative. Meta is sponsoring ZDI’s Pwn2Own Ireland 2025 hacking competition, where participants can earn big prizes for smartphone, WhatsApp and wearable device exploits. Participants can earn up to $1 million for a WhatsApp exploit that allows attacker
IoC > 1 domain
by Pierluigi Paganini / 2d
•21 TTPs
Storm2603 exploits SharePoint vulnerabilities
Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups APT27 , APT31 , and a new cluster, Storm-2603. The researchers pointed out that Storm-2603’s goals remain unclear. Storm-2
Jul 31, 2025
by Pierluigi Paganini / 2d
CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium , a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories , the US Agency presented it as a scalable, open-source platform for
18 TTPs
by Pierluigi Paganini / 2d
•Russian hackers target Moscow embassies
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla , Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (A
Jul 30, 2025
2 TTPs
by Pierluigi Paganini / 3d
Critical flaws in Dahua cameras let hackers take control remotely. The vendor has released patches, users should update firmware asap. Bitdefender cybersecurity experts discovered serious vulnerabilities in Dahua smart cameras that could have allowed hackers to take full control of the devices remotely. Fortunately, the vulnerabilities have been patched, but users are urged to update their firmwa
7 TTPs
by Pierluigi Paganini / 3d
•FunkSec AI ransomware rapidly spreads
Researchers have released a decryptor for the ransomware FunkSec, allowing victims to recover their encrypted files for free. Researchers at Avast developed a decryptor for the FunkSec ransomware. Gen Digital researchers released a decryptor for the FunkSec ransomware after cooperating with law enforcement to neutralize the threat. “Researchers at Avast developed a decryptor for the FunkSec ranso
32by Pierluigi Paganini / 3d
Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Apple released security updates to address a high-severity vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), that has been exploited in zero-day attacks targeting Google Chrome users. The vulnerability is an insufficient validation of untrusted input in ANGLE and GPU
by Pierluigi Paganini / 4d
PyPI warns of phishing emails from noreply@pypj[.]org posing as “[PyPI] Email verification” to redirect users to fake package sites. PyPI warns of an active phishing attack using fake “[PyPI] Email verification” messages from noreply@pypj[.]org, aiming to lure users to spoofed PyPI sites. PyPI, short for the Python Package Index, is the official repository for Python software packages. It’s where
3 TTPs
by Pierluigi Paganini / 4d
•US seizes crypto linked ransomware
FBI Dallas seized 20 BTC from Chaos ransomware affiliate “Hors,” tied to cyberattacks on Texas firms, on April 15, 2025. The FBI division in Dallas seized about 20 Bitcoins on April 15, 2025, from a wallet belonging to a Chaos ransomware affiliate named as “Hors.” The Hors affiliate is responsible for multiple cyberattacks on Texas companies. “On Thursday, July 24, 2025, the United States filed a
Jul 29, 2025
9 TTPs
by Pierluigi Paganini / 4d
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324 , to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack taking place on the
Orange suffers cyberattack disruption
by Pierluigi Paganini / 4d
Orange, France’s largest telecom provider, reported a cyberattack on one of its internal systems, impacting its operations in Europe and Africa. Orange is a leading French multinational telecommunications operator providing services to individuals, businesses, and governments across Europe, Africa, and the Middle East. Formerly known as France Télécom until rebranding in 2013, the company now ser
2 TTPs
by Pierluigi Paganini / 4d
The dating safety app Tea was hacked, leaking images, posts, and comments of thousands of users who shared anonymous “red flag” reports on men. Tea is a women-only dating safety app launched in 2023 that lets users assess and review potential partners using real-time safety tools, not matchmaking. The app has over 1.6 million members in the U.S., it allows them to perform background checks on men
2 TTPs
by Pierluigi Paganini / 5d
•Cyberattack disrupts Aeroflot flights
A cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled Aeroflot ’s systems, canceling over 100 flights. On July 28, 2025, a cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled the systems of Russian state-owned carrier Aeroflot. Over 100 flights were cancelled following the attack, which also caused delays. The attack pa
Jul 28, 2025
2 TTPs
by Pierluigi Paganini / 5d
Seychelles Commercial Bank on Friday said it had recently identified and contained a cybersecurity incident. A hacker claims to have stolen and sold the personal data of clients of Seychelles Commercial Bank. The bank, which provides personal and corporate services on Seychelles, one of the world’s smallest countries, notified customers of a hack, but said only personal information – not money –
2 TTPs
by Pierluigi Paganini / 5d
Microsoft found a macOS flaw letting attackers access private data from protected areas like Downloads and Apple Intelligence caches. Microsoft Threat Intelligence researchers discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC) . Apple’s Transparency, Consent, and Control framework in macOS is de
6 TTPs
by Pierluigi Paganini / 5d
U.S. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-20281 Cisco Identity Services E
3 TTPs
by Pierluigi Paganini / 6d
•CVE-2025-24000
Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners to configure custom mailer services, and includes t
14 TTPs
by Pierluigi Paganini / 6d
•Scattered Spider targets VMware hypervisors
Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus , Muddled Libra , Octo Tempest , and UNC3944 ) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. According to Google’s Mandiant team, the group uses so
Jul 27, 2025
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.