A malware concealed in a WordPress caching plugin can create administrative accounts for websites, allowing threat actors to take over infected sites. Researchers from Wordfence found the harmful plugin, which acts as either a standalone script or a plugin and offers remote plugin activation and content filtering capabilities. To stay protected, WordPress users should adhere to security best practices and employ security monitoring for their sites.
New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
Cybersecurity experts have uncovered a new phishing technique using blob URIs that bypasses Secure Email Gateways (SEGs). This method involves linking to legitimate sites, redirecting
