Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
https://squeet.me/display/962c3e10-c5bdebec-73bf66ccda45e846
“Threat actors are using the “mu-plugins” directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plu ...continues
See https://gadgeteer.co.za/hackers-exploit-wordpress-mu-plugins-to-inject-spam-and-hijack-site-images/
Vulnerability CVE-2025-22457 has received a comment on Vulnerability-Lookup:
PoC for CVE-2025-22457
http://vulnerability.circl.lu/comment/1140d063-7d5a-4971-8e08-9514c03dfef7
You can now share your thoughts on vulnerability CVE-2025-0127 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-0127
Palo Alto Networks - Cloud NGFW
OttoKit WordPress Plugin Vulnerability has been Patched
This vulnerability is tracked as CVE-2025-3102 with a CVSS score of 8.1.
Pulse ID: 67f86f3e478f6cc0306f815b
Pulse Link: https://otx.alienvault.com/pulse/67f86f3e478f6cc0306f815b
Pulse Author: cryptocti
Created: 2025-04-11 01:24:14
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Acting Coach Eric Morris’ #Vulnerability Exercises
https://castingfrontier.com/blog/acting-coach-eric-morris-vulnerability-exercises/?lid=1lusc65l8zoh
Orgs using the SonicWall NetExtender should upgrade to the latest version 10.3.2
There are three vulnerabilities fixed for Improper Privilege Management, Local Privilege Escalation and Improper Link Resolution Before File Access.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006
@cR0w
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Pulse ID: 67f71a9514c00a52486bcf28
Pulse Link: https://otx.alienvault.com/pulse/67f71a9514c00a52486bcf28
Pulse Author: cryptocti
Created: 2025-04-10 01:10:45
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Two new blogs:
1. "#Disasters that never happened: 6 preventive actions" https://www.preventionweb.net/drr-community-voices/disasters-never-happened-6-preventive-actions
2. "Mental Health #FirstAid for #Bangladesh"
https://www.psychologytoday.com/us/blog/disaster-by-choice/202504/mental-health-first-aid-in-bangladesh-10-years-of-progress
#DisastersAvoided #DRR #DisastersAreNotNatural #NoNaturalDisasters (so we avoid the phrases #NaturalDisaster #NaturalDisasters) #SendaiFramework #Switch2Sendai #SFDRR #DisasterRisk #DisasterRiskReduction #Health #MentalHealth #MHFA #MentalHealthAwareness #GlobalHealth #PublicHealth #vulnerability #resilience
Exploitation of CLFS zero-day leads to ransomware activity
A zero-day elevation of privilege vulnerability in Windows Common Log File System (CLFS) has been exploited against targets in IT, real estate, finance, software, and retail sectors across multiple countries. The exploit, deployed by PipeMagic malware and attributed to Storm-2460, enables privilege escalation and ransomware deployment. The vulnerability, CVE-2025-29824, was patched on April 8, 2025. The attack involves downloading malicious MSBuild files, using PipeMagic, and exploiting CLFS to inject payloads into system processes. Post-exploitation activities include credential theft and ransomware deployment, with similarities to RansomEXX. Microsoft recommends immediate patching and provides mitigation strategies, detection methods, and hunting queries to counter this threat.
Pulse ID: 67f6b1c7251291d51de23a7a
Pulse Link: https://otx.alienvault.com/pulse/67f6b1c7251291d51de23a7a
Pulse Author: AlienVault
Created: 2025-04-09 17:43:35
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
HackerOne Bug Bounty Disclosure: -click-cross-site-scripting-via-custom-configuration-in-safelistsanitizer-leonsirio - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-click-cross-site-scripting-via-custom-configuration-in-safelistsanitizer-leonsirio/
WhatsApp flaw can let attackers send a file that looks like JPEG but is malicious program, update now
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/whatsapp-flaw-can-let-attackers-send-a-file-that-looks-like-jpeg-but-is-malicious-program-update-now-6-i-3-i-k/gD2P6Ple2L
WhatsApp for Windows Spoofing Flaw Opens Door to Remote Malware Attacks
#WhatsApp #CyberSecurity #WindowsSecurity #CVE202530401 #Infosec #DataProtection #Meta #Vulnerability #RemoteCodeExecution
Exploitation of CLFS zero-day leads to ransomware activity
A zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS) has been exploited against targets in various sectors across multiple countries. The exploit, deployed by PipeMagic malware and attributed to Storm-2460, enables privilege escalation and ransomware deployment. Post-exploitation activities include credential theft and file encryption. The vulnerability, tracked as CVE-2025-29824, has been patched. Mitigation strategies include applying security updates, enabling cloud-delivered protection, and implementing advanced security measures. Multiple detection methods and hunting queries are provided for identifying and responding to this threat.
Pulse ID: 67f5d9cac64a676c99e7a36c
Pulse Link: https://otx.alienvault.com/pulse/67f5d9cac64a676c99e7a36c
Pulse Author: AlienVault
Created: 2025-04-09 02:22:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
NEW -
DCG Domain Blocklist available - last updated 2025/04/08
1689244 - Domains blocked with that build !
Supercharging your content blocker to increase privacy and security.
All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards
Ready to use lists combined from many permissively licensed sources.
https://divested.dev/pages/dnsbl
#divested #DivestedComputingGroup
#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus #hackernews
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss #freeyourmind
WhatsApp Vulnerability Could Facilitate Remote Code Execution https://www.securityweek.com/whatsapp-vulnerability-could-facilitate-remote-code-execution/ #Vulnerabilities #vulnerability #WhatsApp #Meta #MIME
https://www.europesays.com/1977645/ West Africa’s early heat wave signals climate change’s impact #Climate #ClimateChange #GlobalWarming #health #heat #HeatWave #impacts #Justice #Vulnerability #water #WestAfrica #WestAfricaHeat
Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py.
CVE-2025-32413
HackerOne Bug Bounty Disclosure: information-disclouser-from-url-parameter-access-lead-to-account-takeover-eneri - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-information-disclouser-from-url-parameter-access-lead-to-account-takeover-eneri/