Author: ddtig

In a significant update to bolster user security against evolving cyber threats, Google has announced the rollout of a new Infostealer Protection feature for its Chrome browser. This latest enhancement is specifically designed to combat the theft of session cookies by malicious infostealer malware, a tactic increasingly used by attackers to gain unauthorized access to…

Security researchers have uncovered a sophisticated, executive-focused phishing campaign tracked as Venom Phishing, designed to steal Microsoft 365 login credentials from C‑suite leaders, financial officers, and senior management. The attack uses hyper‑targeted social engineering, fake Microsoft login portals, and identity impersonation to bypass standard email security and trick high‑value targets into surrendering passwords and session…

A critical security flaw, identified as a zero-day vulnerability, in the widely used Ninja Forms plugin for WordPress is currently being actively exploited by malicious actors to compromise websites. The vulnerability, which allows for unauthenticated Remote Code Execution (RCE), has been described by security researchers as “severe” and “under active attack,” putting potentially millions of…

Security researchers have uncovered a new macOS-focused information-stealing campaign that employs a refined ClickFix attack chain, abusing the built-in Script Editor application to bypass Apple’s latest security safeguards and deploy Atomic Stealer malware stealthily. This campaign marks a significant evolution of social engineering tactics targeting Mac users, moving away from Terminal-based command execution to leverage…

A major supply chain attack has been uncovered targeting users of the popular Smart Slider plugin for WordPress and Joomla. Cybersecurity researchers have discovered that the plugin’s official update mechanism was compromised to push trojanized versions of the software to unsuspecting users, potentially giving attackers backdoor access to thousands of websites. The Compromise: A Trojan…

Cybersecurity researchers have uncovered a new strain of advanced malware, dubbed LucidRook, which is being used in highly targeted attacks against non-governmental organizations (NGOs), universities, and research institutions. The malware, characterized by its stealth, modular design, and ability to evade detection, appears to be the work of a sophisticated threat actor focused on espionage and…