Over 3,300 WordPress websites have been compromised through vulnerabilities in the Popup Builder plugin. Security researchers at Sucuri have identified the flaw, CVE-2023-6000, in versions 4.2.3 and older of the plugin. It has led to a surge in malicious activities across the internet. The
Latest News
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained over 2.3 million documents belonging to Kids Empire, an US operator of recreational centers. The publicly exposed database contained 2,363,222 documents in .PDF
Fidelity Investments Life Insurance Company (FILI) has announced a significant data breach affecting approximately 28,000 customers, following a cyberattack on third-party service provider Infosys McCamish Systems (IMS). The breach, which occurred between October 29 and November 2, 2023, involved
PetSmart has recently informed its customers of a credential stuffing attack, prompting an immediate reset of passwords for affected accounts. The pet retail giant currently has over 60 million customers. The attack leveraged usernames and passwords exposed in prior breaches to gain unauthorized
UnitedHealth Group has reportedly paid a ransom of $22 million to the ALPHV/Blackcat ransomware gang to regain access to data and systems encrypted during a cyberattack on its subsidiary, Change Healthcare. The payment was disclosed through a post on a Russian cybercriminal forum by an affiliate of
American Express (Amex) has notified its customers of a data breach that affected a third-party merchant processor, leading to the exposure of sensitive credit card information. The breach was first reported on March 4, with American Express taking quick action to inform impacted cardholders and
The North Korean threat actor Lazarus Group exploited a previously unknown vulnerability in the Windows operating system to help perform cyberattacks. This exploit, discovered by researchers at cybersecurity firm Avast, allowed the hackers to gain kernel-level access. According to Bleeping
Cencora, a pharmaceutical giant formerly known as AmerisourceBergen, has confirmed that it experienced a significant cyberattack earlier this month. According to Cencora’s SEC filing, the attack was discovered on February 21, 2024 and involved the exfiltration of data from its IT systems, which may
What Does it Mean for Personal Privacy, Secure Communication, and Access to Information? Russian sources have announced that a ban on VPN services will go into effect on March 1st. The ban encompasses advertisements and websites that provide information about how to bypass blocked resources in
Despite recent global law enforcement efforts, the notorious LockBit ransomware gang has made a swift comeback and launched a new leak site on the dark web. This move comes after a coordinated crackdown on the criminal group, which involved the FBI, the UK's National Crime Agency, Europol, and