The TAG-124 threat group has launched a sophisticated cyber attack, compromising over 1,000 WordPress websites to deploy malware. The campaign uses a multi-layered Traffic Distribution System (TDS) and mimics legitimate software updates to infect users. The infected websites redirect visitors to attacker-controlled payload servers. Protective measures include keeping WordPress core and plugins updated, implementing Web Application Firewalls, and educating users about the risk of downloading software updates from unverified sources.
Novel Chrome Extension-Exploiting Attack Covertly Hijacks Devices
Threat actors can secretly hijack devices using a new attack known as Browser Syncjacking, involving a malicious Chrome extension. They establish a malicious Google Workspace