Doctor Web discovered a malicious Linux program that exploits websites running WordPress CMS. It exploits 30 vulnerabilities in a number of plugins and themes for this platform. If the site uses outdated versions of one of these vulnerable add-ons are successfully exploited, the targeted page is injected with a malicious JavaScript that is downloaded from […]
Vulnerability in TikTok Android app
Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has been fixed and we did not locate any evidence of in-the-wild exploitation. Attackers could have leveraged the vulnerability […]
Log4j2 Vulnerability exploited to Target Israeli Organization
MERCURY Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli Organizations On July 23 and 25, 2022, MERCURY was observed using exploits against vulnerable SysAid Server instances as its initial access vector. Based on observations from past campaigns and vulnerabilities found in the targets’ environment, Microsoft assess that the exploits used were most likely related to […]