A 17-year-old Excel vulnerability returns, Microsoft Defender faces a zero-day, and SonicWall users are under attack. This week's cyber threat roundup reveals why old bugs never die and basic security still matters.
#Cybersecurity | #Zero-Day Vulnerability | #Supply Chain Attack
A hidden backdoor in the EssentialPlugin WordPress suite has unleashed malware across thousands of sites, highlighting the dangers of plugin supply chain attacks and the need for vigilant security practices.
A massive supply chain breach weaponized over 30 WordPress plugins, infecting hundreds of thousands of sites with hidden malware after a business acquisition went rogue. The attack lay dormant for eight months, revealing systemic flaws in WordPress plugin oversight.
A single compromised library led to a security crisis at OpenAI, exposing the vulnerabilities of modern software supply chains. Discover how the attack unfolded, what it means for users, and how tech giants are fighting back.
OpenAI was forced to urgently rotate its macOS code-signing certificates after a rapid supply chain attack on the Axios library exposed its build workflow. No user data was compromised, but the incident highlights the escalating risks of software supply chain breaches.
A sophisticated supply chain attack on the popular Axios JavaScript library has ensnared OpenAI and many others, highlighting the vulnerability of even the most trusted software tools to global cyber threats.
A brief but devastating compromise of CPUID’s website allowed attackers to distribute trojanized versions of CPU-Z and HWMonitor, infecting hundreds worldwide with the powerful STX RAT malware.
#Supply Chain Attack | #Remote Access Trojan | #Trojanized Software
A North Korean-linked supply chain attack on the popular Axios library forced OpenAI to revoke its macOS app certificate. This incident highlights the growing risks lurking in trusted open-source software and pushes the tech world to rethink how it secures its digital pipelines.
A sophisticated supply chain attack on CPUID.com replaced download links for popular utilities like CPU-Z and HWMonitor with malware-laden files, putting millions at risk. The breach highlights growing threats to trusted software distribution.
The GlassWorm trojan is exploiting trusted developer extensions on OpenVSX to infect VS Code, Cursor, and Windsurf. This feature investigates how a fake WakaTime plugin spreads malware, the technical tactics used, and what developers must do to stay safe.