Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites.
mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the
[[{“value”:”The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment. The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek.”}]] Read More
Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information.
The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used for a set of threat actors
Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network (CDN) to deliver the Lumma stealer malware.
Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites.
"The attacker uses SEO to trick victims into
The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant.
Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a "strong resemblance" to Awaken Likho (aka Core Werewolf, GamaCopy, and
A new wave of “Scam-Yourself” attacks leveraging AI-generated deepfake videos and malicious scripts is targeting cryptocurrency enthusiasts and financial traders, marking a dangerous evolution in social engineering tactics. Discovered by cybersecurity researchers at Gen Digital, this campaign exploits verified YouTube…
Threat actors have observed the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025.
NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download
