May 01, 2025Ravie LakshmananMalware / Web Skimming Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging … Read more
By Byron V. Acohido APIs have become foundational to digital business operations, serving as the behind-the-scenes glue that connects apps, platforms and partners. Related: OWASP’s Top 10 Web App Security Risks But this growing reliance has opened a new front in cybersecurity—one where attackers are quietly exploiting weaknesses buried deep in business logic. In this … Read more
COMMENTARY: The shift to cloud-based email has been a game changer for organizations worldwide, with Microsoft 365 (M365) emerging as a dominant platform for business communication.However, this widespread adoption has also made M365 an attractive target for cybercriminals, who now leverage the platform itself to launch highly-deceptive attacks. Unlike traditional phishing schemes that rely on … Read more
Mar 19, 2025Ravie LakshmananVulnerability / Network Security Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. “These vulnerabilities, if exploited, could grant unauthorized access to industrial control … Read more
Everyday workers are now being pitched to turn against their employers and join ransomware attacks. Researchers with security vendor GroupSense report that, as an addendum to their normal ransomware notifications, malware operators are now pitching victims on the prospect of infecting additional machines on their company network. The offer comes as part of the notification … Read more