A WordPress plugin, PhishWP, is being used by cybercriminals to collect sensitive data such as credit card numbers, CVVs and billing addresses from victims by creating fake payment pages. The plugin’s data is relayed to the attackers in real time via Telegram, with the harvested data used for fraudulent transactions or sold on the dark web. The plugin’s ability to convincingly mimic legitimate payment pages and evade detection makes it particularly dangerous.
Massachusetts health firm reaches $80,000 settlement with HHS following ransomware investigation
The U.S. Department of Health and Human Services (HHS) has fined Elgon Information Systems $80,000 following a ransomware attack in 2023 that saw over 31,000
