Security Guard Magazine
    WordPress Russia malware cybercrime

    Malicious PhishWP Plugin Targets WordPress E-commerce Payment Data Through Fake Checkouts

    January 07, 2025 • 1 min read

    A sophisticated WordPress plugin called PhishWP has emerged on Russian cybercrime forums, creating deceptive payment gateways to steal customer payment data through fake checkout pages. The malware includes advanced features like OTP functionality and real-time data transmission via Telegram, highlighting growing e-commerce security threats.

    WordPress malware cybersecurity PHP

    Critical Security Flaw in Popular WordPress Backup Plugin Threatens Millions of Sites

    January 06, 2025 • 1 min read

    A severe vulnerability discovered in UpdraftPlus WordPress plugin puts over 3 million websites at risk of code execution attacks. The high-severity flaw affects all versions up to 1.24.11 and requires immediate updating to the patched version.

    Android malware Telegram Russia

    New Android Malware 'FireScam' Masquerades as Telegram Premium to Steal User Data

    January 06, 2025 • 1 min read

    A sophisticated Android malware dubbed FireScam is targeting users by impersonating Telegram Premium through a fake Russian app store. The malware steals sensitive data, monitors device activity, and maintains persistent remote control while employing advanced evasion techniques.

    Docker cryptocurrency malware cybersecurity

    Cryptocurrency Mining Malware Infiltrates Home Server Through Exposed Docker Container

    January 05, 2025 • 1 min read

    A cybersecurity researcher's personal server was hijacked by Kinsing malware after briefly exposing a Docker database container online. The incident highlights critical security lessons for home server administrators and the growing sophistication of threats targeting personal networks.

    Windows LDAP malware Microsoft

    Critical Windows Domain Controller Exploit Revealed: LDAPNightmare PoC Triggers System Crashes

    January 03, 2025 • 1 min read

    A new proof-of-concept exploit called LDAPNightmare demonstrates how attackers can crash Windows domain controllers through LDAP vulnerability CVE-2024-49113. The exploit forces system reboots by crashing LSASS, with potential for remote code execution if systems remain unpatched.

    cybersecurity RFC MITRE malware

    New Guidelines Aim to Standardize Cyber Threat Actor Naming Conventions

    January 02, 2025 • 1 min read

    Security experts have released comprehensive recommendations to address the chaos in naming malicious cyber threat actors, targeting issues like multiple aliases and ambiguous naming practices. The new RFC document provides practical guidelines for organizations to improve threat intelligence sharing and analysis.

    Chrome 2FA malware cybersecurity

    Google Chrome Extension Vulnerability Exposes Millions to 2FA Bypass Attacks

    January 02, 2025 • 1 min read

    A sophisticated phishing campaign targeting Chrome extensions has compromised two-factor authentication protection for millions of users since December 2023. The attacks, including a major breach at Cyberhaven, allow hackers to steal and reuse authentication cookies to bypass security measures.

    Chrome cybersecurity malware 2FA

    Chrome Extension Breach: Cyberhaven Attack Exposes Millions to Cookie Theft Risk

    December 30, 2024 • 1 min read

    A sophisticated phishing attack on Cyberhaven led to the compromise of their Chrome extension, potentially affecting 400,000 corporate customers during the 2023 holiday season. The incident highlights critical vulnerabilities in two-factor authentication systems and the need for enhanced security measures like passkeys.

    Chrome malware cybersecurity Facebook

    Massive Chrome Extension Hack Compromises Data of 600,000+ Users

    December 29, 2024 • 1 min read

    Sixteen popular Chrome browser extensions were compromised through sophisticated phishing attacks, potentially exposing sensitive data of over 600,000 users. The breach, discovered by Cyberhaven, specifically targeted Facebook business accounts and involved malicious code injection into legitimate extensions.

    IoT cybersecurity China malware

    Critical Security Flaw Exposes Thousands of Four-Faith Routers to Remote Attacks

    December 28, 2024 • 1 min read

    A high-severity vulnerability in Four-Faith routers allows attackers to execute system commands on over 15,000 exposed devices still using default credentials. Security researchers have observed active exploitation attempts in the wild, with no patches currently available from the manufacturer.


Free Security Guards Resource and Information Magazine