🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

This popular WordPress site builder has a serious security issue — and hackers are already taking advantage

Techradar

Techradar · 1y ago

This popular WordPress site builder has a serious security issue — and hackers are already taking advantage

A critical vulnerability has been discovered in the Brick Builder Theme, a popular WordPress theme with 25,000 active installations. The vulnerability allows for remote code execution, putting websites at risk of being attacked by hackers. The issue has since been patched, but hackers have already started targeting vulnerable sites to disable security plugins. Users are urged to update their theme to version 1.9.6.1 as soon as possible to avoid exploitation. WordPress, being a popular website builder, is frequently targeted by hackers, making it crucial for users to regularly update their plugins for optimal security.

Related News

This WordPress plugin vulnerability has put millions of websites at risk

Techradar

Techradar · 1y ago

This WordPress plugin vulnerability has put millions of websites at risk

The LiteSpeed Cache WordPress plugin, used by millions of websites to improve performance, has been found vulnerable to a cross-site scripting (XSS) attack. This flaw could allow attackers to steal sensitive information and gain unauthorized access to websites. Security researchers at Patchstack discovered the vulnerability and reported it to the plugin's developers. A patch has been released, and users are advised to update to version 5.7.0.1 or higher. WordPress, being the most popular website builder, often faces security threats, especially through vulnerable themes and plugins.

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

Arstechnica

Arstechnica · 1y ago

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

Thousands of WordPress sites have been hacked due to a recently patched vulnerability in the widely-used plugin called tagDiv Composer, which is a requirement for popular WordPress themes Newspaper and Newsmag. The vulnerability allowed for cross-site scripting (XSS) attacks, enabling hackers to inject malicious code and redirect visitors to scams and fraudulent sites. Security firm Sucuri has been tracking the malware campaign, named Balada, since 2017, estimating that it has compromised over 1 million sites in the past six years. It is recommended for WordPress site administrators to check for signs of infection and remove any malicious scripts or backdoors.

Thousands of WordPress sites facing malware infection following major plugin hack

Techradar

Techradar · 1y ago

Thousands of WordPress sites facing malware infection following major plugin hack

Over 3,000 WordPress websites were compromised after failing to patch a known vulnerability quickly enough, according to cybersecurity researchers Sucuri and PublicWWW. The threat actors took advantage of a cross-site scripting (XSS) flaw in the popular Popup Builder plugin. This allowed them to deploy malicious code and redirect visitors to phishing sites and malware-laden pages. Sucuri claims that 1,170 websites were compromised, while PublicWWW estimates the figure at around 3,300. Webmasters are advised to update their plugins, check their site's code for malicious entries, scan for hidden backdoors, and block specific domains associated with the attacks.

Unpatchable 0-day in surveillance cam is being exploited to install Mirai

Arstechnica

Arstechnica · 11m ago

Unpatchable 0-day in surveillance cam is being exploited to install Mirai

Hackers are taking advantage of a critical vulnerability in a popular security camera to distribute the Mirai malware. The attacks are directed at the AVM1203 surveillance device by AVTECH, a Taiwanese manufacturer. The vulnerability, which has been present for five years, allows the execution of malicious code. The AVM1203 is no longer supported, so there is no patch available. The Mirai malware enables hackers to control infected Internet of Things (IoT) devices to carry out distributed denial-of-service attacks. Users are advised to replace the affected camera and avoid using default credentials on IoT devices.

Ivanti VPN security flaws are being attacked again by Chinese hackers

Techradar

Techradar · 1y ago

Ivanti VPN security flaws are being attacked again by Chinese hackers

Chinese hackers are reportedly utilizing the recently discovered security flaws in Ivanti VPN to deploy malware. The hackers, known as UNC5325, are employing living-off-the-land techniques to avoid detection while dropping novel malware. This malware can withstand factory resets, system upgrades, and patches. Another threat actor, UNC3886, may also be taking advantage of the vulnerabilities. Users are advised to take immediate action, apply the latest security advisory from Ivanti, and use external integrity checkers and updated hardening guides. The flaws were initially reported in January 2024, and subsequent investigation revealed the use of an unsupported operating system by Ivanti.

Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn | TechCrunch

TechCrunch · 1y ago

Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn | TechCrunch

Security experts are warning that hackers are taking advantage of vulnerabilities in the widely used remote access tool ConnectWise ScreenConnect to deploy the LockBit ransomware. Two high-risk flaws in the tool, including an authentication bypass vulnerability and a path traversal vulnerability, are being actively exploited by hackers. Despite recent law enforcement action against the LockBit gang, it appears that some affiliates are still able to operate. The exact number of affected users is unknown, but the Shadowserver Foundation has reported widespread exploitation of the vulnerabilities, with over 8,200 servers remaining vulnerable.

Thousands of Fortinet devices could face attack following security issue

Techradar

Techradar · 1y ago

Thousands of Fortinet devices could face attack following security issue

Hackers have access to nearly 150,000 vulnerable Fortinet FortiOS and FortiProxy instances that allow for the execution of malicious code without authentication. Although a critical vulnerability was patched a month ago, many administrators have not installed the necessary fixes, leaving their systems open to exploitation. The vulnerability has already been added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities list, suggesting active abuse by hackers. Fortinet products are particularly popular among small and medium-sized businesses, making them attractive targets for cybercriminals.

Millions at risk as popular WordPress database plugin is targeted by hackers

Techradar

Techradar · 1y ago

Millions at risk as popular WordPress database plugin is targeted by hackers

A critical vulnerability has been discovered in the Better Search Replace WordPress plugin, which is installed on over a million websites. The flaw allows hackers to execute malicious code, access sensitive data, manipulate or delete files, and initiate a denial of service attack. WordPress security experts Wordfence detected and reported the vulnerability, which has since been fixed. It is recommended that users update to the latest version of the plugin to protect their sites.

Deepfakes, fraudsters and hackers are coming for cybersecurity jobs

Livemint

Livemint · 1y ago

Deepfakes, fraudsters and hackers are coming for cybersecurity jobs

Hackers are increasingly posing as job applicants to target companies for cyber attacks. As the demand for cybersecurity professionals continues to rise, fraudsters are taking advantage of the shortage to infiltrate organizations. They may seek intellectual property, steal corporate data, or exploit vulnerabilities in code. North Korean hackers, in particular, have been known to target companies using this method. With the rise of artificial intelligence tools, such as chatbots and deepfakes, it has become harder to detect these impostors. To mitigate the risk, companies are implementing stricter hiring processes and identity verifications.

North Korea-backed hackers target security researchers with 0-day

Arstechnica

Arstechnica · 1y ago

North Korea-backed hackers target security researchers with 0-day

North Korea-backed hackers are once again targeting security researchers, using a zero-day exploit and related malware to infiltrate computers used for sensitive cybersecurity investigations. Google researchers discovered the unfixed zero-day vulnerability in a popular software package used by the targeted researchers. The hackers established working relationships with the researchers before exploiting the vulnerability using a malicious file. This campaign closely matches a previous one definitively tied to North Korean government-backed hackers. The hackers pose as security researchers and develop relationships on social media before sharing Trojanized exploits or analysis tools with their targets.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

June 2025

Helping your parents when you are miles away

The Pit Stop Your Cravings Deserve

The next generation E-commerce platform

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Download the medial app to read full posts, comements and news.