Lucene search
K

7 matches found

CVE
CVE
added 7 hours ago9 views

CVE-2026-12375

The CVE concerns the uncanny-automator-pro WordPress plugin prior to version 7.3.0.6. The distribution/update infrastructure was compromised, injecting a backdoor into affected installations. The backdoor allows unauthenticated attackers to obtain an administrator session on compromised sites and...

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 3:41 a.m.7 views

CVE-2026-10023

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

4.3CVSS5.6AI score0.0025EPSS
Exploits0References11
Microsoft Secure
Microsoft Secure
added 2026/01/22 5:14 a.m.8 views

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint

Microsoft Defender Researchers uncovered a multi‑stage adversary‑in‑the‑middle AiTM phishing and business email compromise BEC campaign targeting multiple organizations in the energy sector, resulting in the compromise of various user accounts. The campaign abused SharePoint file‑sharing services...

5.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/06 12:1 p.m.12 views

Adversaries increasingly using vendor and contractor accounts to infiltrate networks

Cisco Talos Incident Response Talos IR has repeatedly observed attackers targeting and using compromised vendor and contractor accounts VCAs during recent emergency response engagements. While high-profile software supply chain compromise events garner significant media attention e.g., the recent...

7.2AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/05/06 4:0 p.m.193 views

Business email compromise: How Microsoft is combating this costly threat

Amongst all cybercrime, phishing attacks continue to be the most prevalent today. With over 90 percent of attacks coming via email, it’s important that every organization has a plan to prevent these threats from reaching users. At Microsoft, we’re passionate about providing our customers with...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/04/20 12:38 p.m.158 views

5 Ways Your Software Supply Chain is Out to Get You, Part 1: Vendor Compromise

Is 2021 the year of the software supply chain attack? In late 2020, an incredible story broke: US government agencies, including Commerce, Treasury, and Homeland Security, had been severely compromised through a malicious backdoor surreptitiously implanted into network management software supplie...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2019/09/25 9:37 p.m.73 views

Magecart Group Targets Routers Behind Public Wi-Fi Networks

A faction of the Magecart threat group is testing code that targets routers used to provide free or paid Wi-Fi services in public spaces and hotels. If successful, attackers would able to compromise these commercial-grade routers and be able to siphon payment data of users joining Wi-Fi networks ...

7.3AI score
Exploits0References9
Rows per page
Query Builder