SEC X account hacked to hawk crypto-scams
We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The latest victim in this line-up is the Securities and Exchange Commission...
7.6AI Score
Lawmakers Are Out for Blood After a Hack of the SEC’s X Account Causes Bitcoin Chaos
The US Securities and Exchange Commission is under pressure to explain itself after its X account was compromised, leading to wild swings in the bitcoin...
7.3AI Score
Here’s Some Bitcoin: Oh, and You’ve Been Served!
A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction -- such as a...
6.8AI Score
SEC X (Twitter) Account Hacked, Spreads Fake News About Bitcoin ETFs
By Deeba Ahmed Bitcoin's price spiked near $48,000 after the fake post but later fell to around $45,700. This is a post from HackRead.com Read the original post: SEC X (Twitter) Account Hacked, Spreads Fake News About Bitcoin...
7.2AI Score
The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News
The US financial regulator says its official @SECGov account was “compromised,” resulting in an “unauthorized” post about the status of Bitcoin...
7.3AI Score
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a...
6.8AI Score
DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud
The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud. In wrapping up its investigation into the dark web portal, the agency said the transnational...
7.1AI Score
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Over the last two weeks, there were 263 vulnerabilities disclosed in 217 WordPress Plugins and 3 WordPress themes that have been added to the...
9.8CVSS
10AI Score
EPSS
WooPayments < 6.7.0 - Unauthenticated Order Deletion via IDOR
Description The plugin does not validate orders ownership which could allow unauthenticated attacker to delete orders by knowing the order ID and cart hash (i.e. they would have to create a cart that matches the items in the order they are trying to delete). Furthermore, only stores running on...
7.5CVSS
7.1AI Score
0.001EPSS
DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation
The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to prohibiting the...
6.8AI Score
Malicious code in squaredev-next-online-payments-example (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (c12aadbc7b6d08bd4746e705c7507074eb759ac60f260bdf9a59cd85d966a45b) The OpenSSF Package Analysis project identified 'squaredev-next-online-payments-example' @ 99.0.0 (npm) as malicious. It is considered malicious...
7.1AI Score
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
7.5CVSS
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
7.5CVSS
7.6AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
7.5CVSS
7.1AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
5.9CVSS
7.7AI Score
0.001EPSS
6.5CVSS
7AI Score
0.0004EPSS
9.8CVSS
7AI Score
0.001EPSS
GLSA-202312-07 : QtWebEngine: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-07 (QtWebEngine: Multiple Vulnerabilities) Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity:...
8.8CVSS
9AI Score
0.771EPSS
German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation
German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales of narcotics and malware to "tens of thousands of users." The exercise, which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine,...
7.1AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
9.8CVSS
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
7.5CVSS
8AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
7.5CVSS
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
9.8CVSS
9.8AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in.....
7.2CVSS
7.4AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in.....
7.2CVSS
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
7.5CVSS
7.1AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in.....
7.2CVSS
8AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
9.8CVSS
7.9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in.....
5.5CVSS
7.6AI Score
0.001EPSS
CVE-2023-35915 WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
7.6CVSS
10AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through...
7.5CVSS
8.2AI Score
0.001EPSS
FBI issues advisory over Play ransomware
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) have released a joint Cybersecurity Advisory (CSA) about Play ransomware. According to the FBI, Play made around 300.....
7.7AI Score
Mr. Cooper leaks personal data of 14 million loan and mortgage customers
A major mortgage and loan company based in Dallas, working under the name Mr. Cooper Group Inc. has released more information on a recent breach. In a data breach notification, the company didn't say what type of cyberattack caused the compromise of customer data, calling it a rather...
7.5AI Score
Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team
Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world. Matveev, who resides...
7.5AI Score
Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide
The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data....
9.8CVSS
7.8AI Score
0.973EPSS
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges
The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of...
8AI Score
Ten Years Later, New Clues in the Target Breach
On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also.....
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a...
6.5CVSS
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a...
5.4CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a...
5.4CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a...
6.5CVSS
6.6AI Score
0.0004EPSS
Security Bulletin: Multiple publicly disclosed libcurl vulnerabilities affect IBM Safer Payments
Summary Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2023-32001 DESCRIPTION: **cURL libcurl could allow a remote authenticated attacker to bypass security restrictions, caused by a race...
5.9CVSS
7.2AI Score
0.002EPSS
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans...
7.1AI Score
WooCommerce Payments < 6.5.0 - Contributor+ Cross-Site Scripting
Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is rendered, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
5.8AI Score
0.0004EPSS
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the...
5.3CVSS
0.001EPSS
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the...
5.3CVSS
5.4AI Score
0.001EPSS
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the...
5.3CVSS
7.3AI Score
0.001EPSS
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the...
5.7AI Score
0.001EPSS
N. Korea's Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks
The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. "The threat actor ultimately uses a backdoor to steal information and execute.....
7.3AI Score