Posts

The Hacker News - Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. It from The Hacker News https://thehackernews.com/2026/05/funnel-builder-flaw-under-active.html
Post a Comment
Read more

Schneier - Friday Squid Blogging: Bigfin Squid

Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. from Schneier on Security https://www.schneier.com/blog/archives/2026/05/friday-squid-blogging-bigfin-squid.html
Post a Comment
Read more

The Hacker News - Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia's Federal Security Service (FSB) from The Hacker News https://thehackernews.com/2026/05/turla-turns-kazuar-backdoor-into.html
Post a Comment
Read more

KnowBe4 - Why Integrate Threat Intelligence Feeds into Email Security?

Image
It's getting harder to distinguish legitimate emails from malicious ones as phishing messages mimic real conversations, use trusted domains and increasingly leverage AI to scale and refine attacks. from KnowBe4 Blog https://blog.knowbe4.com/why-integrate-threat-intelligence-feeds-into-email-security
Post a Comment
Read more

The Hacker News - Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below - from The Hacker News https://thehackernews.com/2026/05/four-openclaw-flaws-enable-data-theft.html
Post a Comment
Read more

KnowBe4 - Traffic-Themed SMS Phishing Targets Users Around the World

Image
Researchers at Bitdefender are tracking 40 separate SMS phishing (smishing) campaigns impersonating transport authorities, toll operators, and parking services around the world. The researchers have observed more than 79,000 scam text messages with over 29,000 unique variants. The attacks are targeting users in multiple languages. from KnowBe4 Blog https://blog.knowbe4.com/traffic-themed-sms-phishing-global-campaigns
Post a Comment
Read more

The Hacker News - Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 "Early analysis indicates that node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1 from The Hacker News https://thehackernews.com/2026/05/stealer-backdoor-found-in-3-node-ipc.html
Post a Comment
Read more