Cybersecurity researchers have uncovered a malicious WordPress plugin capable of creating unauthorized administrator accounts and injecting harmful JavaScript code designed to siphon credit card information. This activity is linked to a broader Magecart campaign specifically targeting e-commerce platforms, as reported by Sucuri. According to security analyst Ben Martin, the rogue…
Key Takeaways: 59% of organizations have reported Managed File Transfer (MFT) security incidents, largely due to governance and encryption shortfalls. The GoAnywhere zero-day exploit laid bare serious vulnerabilities exploited by attackers to deploy ransomware. Implementing robust governance and integrated security measures can significantly lessen breach risks and enhance visibility. Recent…
Palo Alto Networks Releases Critical Software Patches for Expedition Tool Palo Alto Networks has announced the rollout of crucial software patches aimed at mitigating multiple security vulnerabilities in its Expedition migration tool. Among these flaws, a significant one has been identified that permits authenticated attackers to gain access to sensitive…
Cyberattack on Iranian National Media Uncovered: Wiper Malware Deployed In late January 2022, a sophisticated cyberattack against the Islamic Republic of Iran Broadcasting (IRIB), a key player in the country’s national media landscape, was confirmed to involve the deployment of wiper malware alongside tailored malicious implants. This incident underscores the…
Data Breach Notification, Data Privacy, Data Security Australian Clinical Labs Fined $5.8 Million for 2022 Data Theft Incident Marianne Kolbasuk McGee (HealthInfoSec) • October 9, 2025 An Australian court has mandated a $5.8 million penalty against Australian Clinical Labs for deficiencies in data management during a data theft incident in…
In September 2025, SonicWall disclosed a data breach affecting its cloud backup service, initially indicating that fewer than 5% of its clients were impacted. However, this assessment has evolved as SonicWall, in collaboration with incident response firm Mandiant, has confirmed that attackers accessed backup configuration files for all customers utilizing…
In a recent development highlighting the growing concerns surrounding youth involvement in cybercrime, two adolescents linked to the notorious LAPSUS$ hacking group received sentences for their participation in a series of high-profile cyberattacks on various corporations. Among the targeted firms were prominent names such as Microsoft, Uber, and Rockstar Games.…
Security Flaw in Oracle E-Business Suite Exposes Multiple Organizations to Cyber Threats On October 10, 2025, a report from Google Threat Intelligence Group (GTIG) and Mandiant confirmed a significant zero-day exploitation of a security vulnerability in Oracle’s E-Business Suite (EBS) software. This flaw has potentially affected numerous organizations since its…
Critical Vulnerability in Aviatrix Controller Exploited for Malicious Activities A recently uncovered severe security vulnerability in the Aviatrix Controller, a cloud networking platform, has drawn significant attention due to its active exploitation in the wild. Security firm Wiz has reported ongoing incidents where attackers are leveraging this critical flaw to…
