Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites.
The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution.
It was addressed by the company as part of
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site.
"The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom
Two Russians sanctioned by US for alleged disinformation campaign
The U.S. Treasury Department announced on Wednesday that it is sanctioning two Russian nationals and two companies for a disinformation campaign that allegedly sought to “impersonate legitimate media outlets.”
International freight tech firm isolates Canada operations after cyberattack
An international freight technology company said it has cut off a portion of its business in Canada after a cyberattack.
Pharmaceutical development company investigating cyberattack after LockBit posting
A Nasdaq-listed pharmaceutical development company said it is investigating a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen.
‘Lifelock’ hacker pleads guilty to extorting medical clinics
An Idaho man who hacked and extorted medical clinics and a police department pleaded guilty on Tuesday in Georgia federal court to charges of computer fraud and abuse.
FTC investigating Reddit plan to sell user content for AI model training
The Federal Trade Commission (FTC) is probing Reddit’s decision to license its user-generated content to artificial intelligence companies which would in turn use it to train models, the social media platform said in a Friday securities filing.
Nigerian court orders Binance to release user data, as company execs continue to be held without charge
A federal high court in Abuja has ordered the world’s largest cryptocurrency exchange Binance to provide Nigeria’s Economic and Financial Crimes Commision (EFCC) with information on all the Nigerians who are using its trading platform.
IMF says February cyberattack involved compromise of 11 email accounts
A cyberattack in February led to the compromise of 11 email accounts at the International Monetary Fund (IMF), the organization said on Friday.
Russia targets hundreds of Americans with new sanctions, including cyber journalists
Russia has banned entry to 227 U.S. citizens, including prominent journalists, researchers, and government officials as part of a new spate of sanctions targeting Americans supporting Washington’s “Russophobic policies,” the Russian Foreign Ministry