Researchers found malicious npm and PyPI packages capable of stealing and deleting sensitive data from infected systems. Socket researchers have identified multiple packages in the npm and Python Package... Read more »

Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices. The Planet WGS-804HPT industrial switch is used in building and home... Read more »

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database... Read more »

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score... Read more »

The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department’s Office... Read more »

noyb files complaints against TikTok, AliExpress, and other Chinese companies for illegal EU user data transfers to China, violating data protection laws. Austrian privacy non-profit group None of Your... Read more »

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers... Read more »

Researchers detailed a now-patched vulnerability that could allow a bypass of the Secure Boot mechanism in UEFI systems. ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score:... Read more »