More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams, and other cyber threats due to a high-severity cross-site scripting (XSS) bug affecting the WordPress Email Template Designer. The template designer is WP HTML Mail, a plugin that allowed users to design custom emails. Wordfence researcher Chloe

Italian luxury brand Moncler has suffered a cyberattack in which cybercriminals stole data and published it on the dark web. The company confirmed the attack on Tuesday, stating that it had suffered from a data breach after being attacked by the AlphV/BlackCat ransomware operation in December. The attack caused a

Chainalysis has recently warned that a rise in cheap and easy to use malware has resulted in a rise of cryptocurrency theft. Crytocurrency has been a popular target for cybercriminals, whether they are stealing it via cryptocurrency exchanges or demanding it as an extortion payment in ransomware attacks. The growing

Kambiz Attar Kashani, a 44 year-old with dual citizenship to the US and Iran, has been charged with violating sanctions by exporting IT goods and services to the latter country. Kashani was arrested last Friday on charges of conspiring to illegal export to the Central Bank of Iran. Kashani reportedly

According to a new report from Citizen Lab, attackers can access audio and files uploaded to the MY2022 mobile app, which is required for use by all winter games attendees. Attackers can even access health details of the athletes, according to Citizen Labs. The mobile app focuses on managing communications

Project Zero researcher Natalie Silvanovich published a new analysis of security flaws present in the Zoom video chat platform. The vulnerabilities were uncovered as part of an investigation after a zero-click attack was demonstrated at Pwn2Own. Silvanovich, inspired by the demonstration, located two different bugs. The first is a buffer

NATO signed a deal on Monday to strengthen its cyber support for Ukraine after a hacking attack against Kyiv. These attacks have prompted fears that Russia could be plotting an invasion. Ukraine said Sunday that it had evidence Moscow was behind last week’s attack on government websites, however the Kremlin

The PCI Security Standards Council announced an update of the PCI Card Production and Provisioning Security Requirements. The update allows payment card vendors to secure components and sensitive data involved in the production of payment cards. These standards protect against fraud via the compromise of card materials.  Card production includes

Microsoft researchers have revealed evidence of a malware operation targeting multiple organizations in Ukraine in the wake of last week’s cyber attack on Ukrainian government websites. The new attack is deploying Master Boot Records (MBR) wiper malware disguised as ransomware. According to Microsoft, the malware first appeared on the victimized

14 members of the REvil ransomware group have been arrested by the Russian government. A joint effort between the Federal Security Service of the Russian Federation and the Ministry of Internal Affairs of Russia led to the arrest of the members of the cybercrime group. Several assets were seized in