New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw
Stay informed on the latest cyberattack trends, threats, and news with expert analysis and updates. Secure your digital landscape now.
Search across headline titles and summaries.
Background for this topic.
Cyberattack is an intentional attempt to compromise computer systems, networks, or digital devices by exploiting vulnerabilities or using malicious software. Common techniques include malware deployment, phishing to steal credentials, ransomware to encrypt data for extortion, and denial-of-service attacks that disrupt availability. These actions aim to gain unauthorized access, manipulate data, or cause operational disruption.
For security professionals, cyberattacks represent critical risks requiring proactive defense measures such as patching known vulnerabilities, monitoring network traffic for anomalies, and enforcing strong authentication. Understanding attacker methods helps prioritize defenses on exposed systems and sensitive data. Effective detection and containment depend on timely threat intelligence and coordinated response to limit damage and restore normal operations.
Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw
Sweeping changes implemented since the May 2021 cyberattack are helping -- but more work remains to be done, security experts say.
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign
Insurers unsuccessfully argued Merck's $1.4B in losses following NotPetya cyberattack fell under wartime exclusion.
Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute as only 50% of SMBs have a dedicated internal IT person to take care of cybersecurity. No wonder cybercriminals are targeting SMBs so heavily. No wonder SMBs are increasingly willing to pay a subscription or retainer to gain access to expert C-level cyber-assistance
The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to use malvertising as initial access for ransomware and other threat activity.
Mandiant CEO Kevin Mandia explains why a recently revealed targeted attack by a cyber-espionage group out of China rivals the SolarWinds attack in its complexity, and weighs in on how defenders can best leverage generative AI.
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...
Patient data 'was and is never endangered' German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack. …
The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach. [...]