
31 matches found

Patchstack
added 2 days ago, 4 views

WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Austin Ginder in WordPress Plugin WooCommerce Anti-Fraud versions <= 7.2.6...

AI score: 5.4
Exploits: 0, Affected Software: 1
OSSF Malicious Packages
added 2025/07/25 3:16 p.m., 3 views

Malicious code in xp-anti-fraud-js-lib (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4628140ad8ca2bfe8fde97530e932f9f26df49b3841157bc7f8aa50535e77f7 The OpenSSF Package Analysis project identified 'xp-anti-fraud-js-lib...

AI score: 7.1
Exploits: 0
OSV
added 2025/07/25 3:16 p.m., 3 views

MAL-2025-6240 Malicious code in xp-anti-fraud-js-lib (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4628140ad8ca2bfe8fde97530e932f9f26df49b3841157bc7f8aa50535e77f7 The OpenSSF Package Analysis project identified 'xp-anti-fraud-js-lib...

AI score: 7.3
Exploits: 0
The Hacker News
added 2024/10/23 5:33 p.m., 15 views

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this ga...

AI score: 7.1
Exploits: 0
Securelist
added 2024/10/22 6:00 p.m., 10 views

Grandoreiro, the global trojan with grandiose goals

Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim's computer to bypass the security measures of banking institutions. It's been active since at least 2016 and is now one of...

AI score: 7.4
Exploits: 0
Krebs on Security
added 2024/02/22 1:27 p.m., 23 views

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

AI score: 7.1
Exploits: 0
The Hacker News
added 2023/05/05 11:49 a.m., 33 views

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN

Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. "The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter...

AI score: 6.4
Exploits: 0
Securelist
added 2022/05/06 10:00 a.m., 30 views

Mobile subscription Trojans and their little tricks

Billing fraud is one of the most common sources of income for cybercriminals. There are currently a number of known mobile Trojans specializing in secretly subscribing users to paid services. They usually pay for legitimate services in a user's name and scammers take a cut from the money billed...

AI score: 0.4
Exploits: 0
Securelist
added 2021/07/14 6:00 p.m., 37 views

Arrests of members of Tetrade seed groups Grandoreiro and Melcoz

Spain's Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz (also known as Mekotio) cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe...

AI score: 0.3
Exploits: 0
WPVulnDB
added 2020/11/22 12:00 a.m., 18 views

WooCommerce Anti-Fraud <= 3.2 - Unauthenticated Order Status Manipulation

The WooCommerce Anti-Fraud WordPress plugin was affected by an issue where an unauthenticated user could change the order status of any order, as there were no checks when changing the order status. The orderid was also predictable. On an individual level, if you have already received your order,...

AI score: 1.5
Exploits: 0, References: 2, Affected Software: 1
wpexploit
added 2020/11/22 12:00 a.m., 29 views

WooCommerce Anti-Fraud <= 3.2 - Unauthenticated Order Status Manipulation

The WooCommerce Anti-Fraud WordPress plugin was affected by an issue where an unauthenticated user could change the order status of any order, as there were no checks when changing the order status. The orderid was also predictable. On an individual level, if you have already received your order,...

AI score: 0.5
Exploits: 0, References: 2
Patchstack
added 2020/11/22 12:00 a.m., 8 views

WordPress WooCommerce Anti-Fraud premium plugin <= 3.2 - Unauthenticated order status manipulation

Unauthenticated order status manipulation issue found by Brian Henry in WordPress WooCommerce Anti-Fraud premium plugin versions <= 3.2. Solution: Update the WordPress WooCommerce Anti-Fraud premium plugin to the latest available version (at least 3.3)...

AI score: 3
Exploits: 0, References: 2, Affected Software: 1
Hacker One
added 2020/06/12 11:17 a.m., 11 views

Mail.ru: Obtaining guaranteed income and bonuses without actually fulfilling orders, while using accounts of non-existent people.

The reporter demonstrated a possibility to bypass an anti-fraud protection in the Citymobil taxi service...

AI score: 1.7
Exploits: 0
The Hacker News
added 2020/03/04 10:16 a.m., 52 views

Top 10 Most Innovative Cybersecurity Companies After RSA 2020

The RSA Conference, the world's leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss privacy, Machine Learning,...

AI score: 7.2
Exploits: 0
ThreatPost
added 2020/02/18 1:26 p.m., 83 views

Hacker Scheme Threatens AdSense Customers with Account Suspension

A new e-mail based extortion attack threatens users of Google’s AdSense banner-ad program with creating online behavior that will warrant them an account suspension—perhaps a permanent one–from Google if they don’t pay the attackers in bitcoin. The scam—revealed in a post by security writer and...

AI score: 7.1
Exploits: 0, References: 8
ThreatPost
added 2019/12/03 1:26 p.m., 192 views

‘StrandHogg’ Vulnerability Allows Malware to Pose as Legitimate Android Apps

Researchers have discovered a new Android vulnerability that could allow malware to pose as popular apps and ask for various permissions, potentially allowing hackers to listen in on users, take photos, read and send SMS messages, and basically take over various functions as if they are the...

AI score: 0.5, EPSS: 0.26452
Exploits: 0, References: 10
Securelist
added 2019/12/03 10:00 a.m., 57 views

Cyberthreats to financial institutions 2020: Overview and predictions

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Corporate security prediction 2020 Key events 2019 Large-scale anti-fraud bypass: Genesis digital fingerprints market uncovere...

AI score: 7.3
Exploits: 0
ThreatPost
added 2019/06/27 7:23 p.m., 525 views

Scammers Prey on Instagram Vanity and 'Verified Account' Status

UPDATE A new Instagram phishing scam circulating the internet lures victims in with promises of exclusive “verified account” status – and then makes away with their personal information. The scam centers around Instagram’s labeling of verified accounts, which indicates that the account user is a...

AI score: 0.7
Exploits: 0, References: 7
HackRead
added 2019/04/16 5:20 p.m., 62 views

Crooks are selling “Digital Doppelgangers” to bypass anti-fraud protection

By Waqas Financial Crimes to Reach an Unprecedented High by 2023 if Dark Web marketplaces like Genesis are allowed to Operate- Researchers Claim. According to the latest research from Juniper Research, cybercriminals have developed a wide range of advanced tools to help users evade machine...

AI score: 1.4
Exploits: 0
Securelist
added 2019/04/09 7:25 a.m., 77 views

Digital Doppelgangers

Carding has existed for over 20 years. And it is not dead yet. It is alive, and even more – it is being actively developed by cybercriminals. The "good" old method of entering stolen credit card information into online store forms to buy goods and services or using online payment system accounts for t...

AI score: 7.3
Exploits: 0