JDownloader site hacked to replace installers with Python RAT malware
… As arbitrary code could have been executed by the malware on infected devices, those who installed the malicious installers are advised to reinstall their operating systems. …
Search
KnowledgeDeliver flaw exploited as a zero-day to install web shells
… Exploitation was possible due to the use of “identical pre-shared ASP.NET machine keys across multiple customer deployments,” the researchers said. “KnowledgeDeliver installations deployed before Feb. …
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
… According to Silent Push researchers, the DriveSurge threat actor primarily functions as an initial access broker IAB operating on a pay-per-install PPI model, enabling follow-on attacks. …
GitHub confirms breach of 3,800 repos via malicious VSCode extension
… More recently, in January, two malicious extensions advertised as AI-based coding assistants with 1.5 million installs exfiltrated data from compromised developer systems to servers in China . …
Hackers bypass SonicWall VPN MFA due to incomplete patching
… However, the installed endpoint detection and response EDR solution blocked the beacon and the loading of the driver. …
Avada Builder WordPress plugin flaws allow site credential theft
Avada Builder WordPress plugin flaws allow site credential theft By Bill Toulas May 15, 2026 11:56 AM Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the d… …
GitHub links repo breach to TanStack npm supply-chain attack
… In January, two more extensions posing as AI-based coding assistants, with 1.5 million installs, were used to exfiltrate data from compromised developer systems to servers in China. …
Critical Kirki flaw exploited to hijack WordPress admin accounts
… Once an attacker gains admin-level access, they could install malicious plugins, modify website content, deploy web shells or persistent backdoors, and access private databases. …
Chinese hackers target telcos with new Linux, Windows malware
… Download Now Related Articles: New stealthy Quasar Linux malware targets software developers New GopherWhisper APT group abuses Outlook, Slack, Discord for comms JDownloader site hacked to replace installers with Python RAT malware Fake Claude AI website delivers new 'Beagle' Windows malware Threat… …
WP Maps Pro bug exploited to create admin accounts on WordPress sites
… Researchers at WordPress security company Defiant observed that threat actors are trying to exploit the vulnerability, and blocked more than 3,600 attempts over the past 24 hours. “When the request is made with a check temp parameter set to false, the function creates a new WordPress user via wp in… …