W3 Total Cache WordPress plugin vulnerable to PHP command injection

WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.

RondoDox botnet malware now hacks servers using XWiki flaw

The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as ...
The Hacker News

⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More

Fortinet CVE exploited, China-linked AI attacks exposed, PhaaS platform dismantled, and fake crypto apps deploy RATs. Catch this week’s top threats.
CSO Online

Iranian APT hacks helped direct missile strikes in Israel and the Red Sea

Amazon Threat Intel has correlated activity by Iranian threat groups with subsequent missile strikes, and suggests that IT ...

Decades-old command resurfaces in modern malware campaigns

The "finger" command remains exploitable for remote code execution even after years of disuseAttackers use batch scripts to ...