Plugins on WordPress.org backdoored in supply chain attack

Hackers Slip Backdoor into WordPress Plugins in Latest Supply-Chain Attack

itsecuritynews.info - 28/Jun 08:09

Security researchers announced on Monday that there had been a supply chain attack on up to 36,000 WordPress plugins running on a wide range of...

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

itsecuritynews.info - 25/Jun 04:08

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of...

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

itsecuritynews.info - 26/Jun 22:09

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through...

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

itsecuritynews.info - 26/Jun 05:06

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the...

Polyfill.io JavaScript supply chain attack impacts over 100K sites

bleepingcomputer.com - 25/Jun 18:10

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script...

If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately

itsecuritynews.info - 26/Jun 00:04

Scripts turn malicious, infect webpages after Chinese CDN swallows domain The polyfill.io domain is being used to infect more than 100,000 websites...

‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE

itsecuritynews.info - 17:04

Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug. The post ‘Perfect 10’ Apple...

We analyzed the entire web and found a cybersecurity threat lurking in plain sight

techxplore.com - 29/Jun 13:10

Our latest research has found that clickable links on websites can often be redirected to malicious destinations. We call these "hijackable...

Shutter Launches First Threshold Encrypted Mempool for Ethereum-like Networks on Gnosis Chain to Combat US$900M Crypto Trading Problem

cryptonomist.ch - 19/Jun 10:00

Mainz, Germany, June 19th, 2024, Chainwire Shutter, an open-source protocol initially developed by brainbot and focused on preventing malicious...

Cloudflare: We never authorized polyfill.io to use our name

bleepingcomputer.com - 27/Jun 09:18

Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized...

Rubriques :