YARA-X version 1.17.0 has been released with significant performance improvements and important bug fixes. This update to the next-generation YARA rule engine enhances scanning efficiency, resolves several critical bugs affecting rule compilation and execution, and introduces optimizations that bene
A critical security vulnerability in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create rogue administrator accounts on vulnerable websites. The flaw stems from improper authentication controls in the plugin’s user management functionality, enabling complete site takeover. W
A critical privilege escalation vulnerability dubbed “CIFSwitch” has been discovered in the Linux kernel’s CIFS (Common Internet File System) implementation, allowing unprivileged local users to gain root access on multiple distributions. The flaw affects kernel versions spanning several years and i
Distributed Denial of Service (DDoS) attacks have become commoditized through DDoS-as-a-Service (DDoSaaS) platforms, with attacks now available for as little as $5. These services operate like legitimate SaaS businesses, offering subscription tiers, customer support, and user-friendly interfaces. Po
A critical remote code execution (RCE) vulnerability has been discovered in Gogs, the popular self-hosted Git service. The flaw allows any authenticated user to execute arbitrary code on vulnerable servers, potentially leading to complete system compromise. Organizations running Gogs versions prior
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Drupal Core vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. The flaw, which affects multiple versions of the popular content management system, allows
Two former executives of US-based payment processing companies have pleaded guilty to federal charges for their role in facilitating a massive tech support scam operation. The executives knowingly processed payments for fraudulent tech support schemes that defrauded thousands of victims, primarily e
Zimperium zLabs uncovered a 10-month Android malware campaign involving 250 fake apps that silently enrolled victims in premium SMS services across four countries. The operation abused Google’s SMS Retriever API and hidden WebViews to bypass user consent and intercept authentication codes.
A sophisticated Android ad fraud operation called “Trapdoor” has been discovered operating through 455 malicious apps on Google Play Store, generating fake ad clicks to defraud advertisers. The campaign remained undetected for months, affecting millions of users who unknowingly participated in large
Popular @antv npm packages were compromised to inject malicious code that steals CI/CD credentials, environment variables, and Git tokens from developer systems. Over 1.5 million weekly downloads put thousands of organizations at risk of supply chain attacks targeting their build pipelines and deplo