Nike Data Breach Claims Surface as WorldLeaks Leaks 1.4TB of Files Online

As users continue to assess the Under Armour data breach, WorldLeaks, the rebranded version of the Hunters International…...

A week in security (January 19 – January 25)

Last week on Malwarebytes Labs: Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why? Fake LastPass maintenance emails target users Under Armour ransomware breach: data of 72 million customers appears on the dark web Can you use too many LOLBins to drop some RATs?...

Under Armour ransomware breach: data of 72 million customers appears on the dark web

When reports first emerged in November 2025 that sportswear giant Under Armour had been hit by the Everest ransomware group, the story sounded depressingly familiar: a big brand, a huge trove of data, and a lot of unanswered questions. Since then, the narrative around what actually happened has...

Everest Ransomware Says It Stole Data of Millions of Under Armour Users

Everest ransomware claims to have breached Under Armour, stealing 343GB of data, including customer info, product records, and internal company files...

EUVD-2024-40596

Malicious code in bioql PyPI...

EUVD-2024-26130

Malicious code in bioql PyPI...

EUVD-2024-40597

Malicious code in bioql PyPI...

CVE-2024-43947

Cross-Site Request Forgery CSRF vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

CVE-2024-43948

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

CVE-2024-29091

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour – Honeypot Anti Spam: from n/a through 2.1.13...

CVE-2024-43947

Cross-Site Request Forgery CSRF vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

CVE-2024-43947

Cross-Site Request Forgery CSRF vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

CVE-2024-43947 WordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

CVE-2024-43947

CVE-2024-43947 is a CSRF vulnerability affecting WP Armour Extended up to version 1.26. The Red Hat and Wordfence records confirm the issue and indicate a patch/mitigation was released (the WP plugin was patched in a newer release). If using WP Armour Extended, upgrade to a fixed version to remed...

CVE-2024-43948

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

CVE-2024-43948

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

CVE-2024-43948 WordPress WP Armour Extended plugin <= 1.26 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

CVE-2024-43948

CVE-2024-43948 is an XSS vulnerability in WP Armour Extended (WordPress). It stems from improper input neutralization during web page generation, enabling a reflected Cross‑Site Scripting when a user with access triggers the vulnerable page. Affected: WP Armour Extended from n/a through 1.26. CVS...

CVE-2024-43948 WordPress WP Armour Extended plugin <= 1.26 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26...

WordPress plugin WP Armour Extended 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...