All posts tagged: Cyberattack

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on the plug-ins. The backdoor was discovered after a new corporate owner bought these plug-ins. Anchor Hosting founder Austin Ginder sounded the alarm in a blog post last week describing a supply chain attack on a WordPress plug-in maker called Essential Plugin. Ginder said someone last year bought Essential Plugin and the backdoor was soon added to the plug-ins’ source code. The backdoor sat dormant until earlier this month when it activated and began distributing malicious code to any website with the plug-ins installed. Essential Plugin says on its website that it has over 400,000 plug-in installs and more than 15,000 customers. WordPress’ plug-in install page says the affected plug-ins are in over 20,000 active WordPress installations. Plug-ins allow owners of WordPress-based websites to extend the site’s functionality, but in doing so grant the plug-ins access to their installations, which can open …

Iranian hackers are targeting American critical infrastructure, US agencies warn

The U.S. government is warning that Iran-backed hackers are escalating their tactics by targeting American critical infrastructure systems with the aim of causing disruption. In a joint advisory published Tuesday, the FBI, the National Security Agency, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of Energy collectively warned that Iranian government hackers have been exploiting internet-facing systems used across a range of sectors. These include water and wastewater utilities, as well as energy and local government facilities. The agencies did not specifically name any of the targets but said that the hacks were aimed at causing “disruptive effects within the United States” and had already resulted in “operational disruption and financial loss.” The hackers targeted programmable logic controllers and supervisory control and data acquisition (SCADA) products, which are used to control and manage industrial equipment and systems in critical infrastructure operations, the agencies said. The agencies said that the hackers were able to manipulate information displayed on these devices and maliciously interact with project files that store important device configurations. The …

North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making

A North Korean cyberattack that last Monday briefly hijacked one of the most widely used open source projects on the web took weeks to carry out as part of a long-running campaign to target the code’s top developers. The hijacking of the Axios project on March 31 was in part successful because it relied on well-resourced hackers building rapport and trust with their intended target over a long period of time to increase their odds of a successful eventual compromise. This kind of hack highlights the security challenges that developers of popular open source projects can face, at a time when government hackers and cybercriminals alike are targeting widely used projects for their ability to access, in some cases, millions of devices worldwide. Jason Saayman, who maintains the popular Axios project that developers use to connect their apps to the internet, provided a post-mortem with a timeline of the hack. He shared that the hackers began their targeting campaign around two weeks before eventually gaining control of his computer to push out malicious code. By …

Italian art museum hit by cyberattack – POLITICO

The museum insisted no passwords or security maps were stolen and that the systems involved were closed-circuit and not accessible from outside, with “no information lost.” The transfer of items to the vaults, including Medici-era treasures, was unrelated to the cyberattack but due to ongoing renovations. The episode quickly turned political. Former Prime Minister and ex-Florence Mayor Matteo Renzi tore into Giorgia Meloni’s government, accusing Culture Minister Alessandro Giuli of failing to protect one of Italy’s most iconic cultural institutions in his home city. “Hackers attack the Uffizi and threaten our cultural heritage. What is Minister Giuli doing?” Renzi wrote on X on Friday. “Has he even noticed, or is he too busy playing the flute … or stirring up controversies?” he added, also questioning the role of Italy’s cybersecurity agency and vowing to demand answers. The attack comes just weeks after three paintings by Renoir, Cézanne and Matisse were stolen from a museum on the outskirts of the northern region of Parma — a reminder that not even the greats of art are safe. …

Telehealth giant Hims & Hers says its customer support system was hacked

Hims & Hers, the telehealth company that sells weight-loss drugs and sexual health prescriptions, has confirmed a data breach affecting its third-party customer service platform. The healthcare company said in a data breach notice filed with the California attorney general’s office on Thursday that the hackers stole data about user requests sent to the company’s customer support team. The company said hackers broke into its third-party ticketing system between February 4 and February 7 and stole reams of support tickets, which contained personal information submitted by customers. The data breach notice said the hackers took customer names and contact information, as well as other unspecified personal data that Hims & Hers left redacted in the letter. Although the company says customer medical records were not affected by the breach, the nature of customer support systems means that the data may contain sensitive information about a person’s account, personal information, and healthcare. It’s not yet known how many individuals had personal information compromised in the hack. Under California law, companies are required to disclose data breaches …

Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project

Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open-source project LiteLLM. The AI startup told TechCrunch on Tuesday that it was “one of thousands of companies” affected by a recent compromise of LiteLLM’s project, which was linked to a hacking group called TeamPCP. Confirmation of the incident comes as extortion hacking group Lapsus$ claimed it had targeted Mercor and gained access to its data. It’s not immediately clear how the Lapsus$ gang obtained the stolen data from Mercor as part of TeamPCP’s cyberattack. Founded in 2023, Mercor works with companies including OpenAI and Anthropic to train AI models by contracting specialized domain experts such as scientists, doctors, and lawyers from markets including India. The startup says it facilitates more than $2 million in daily payouts and was valued at $10 billion following a $350 million Series C round led by Felicis Ventures in October 2025. Mercor spokesperson Heidi Hagberg confirmed to TechCrunch that the company had “moved promptly” to contain and remediate the security …

European Commission confirms cyberattack after hackers claim data breach 

The European Union’s top executive body has confirmed a cyberattack after hackers reportedly stole reams of data from its cloud storage. European Commission spokesperson Nika Blazevic confirmed to TechCrunch on Friday that the Commission “discovered a cyber-attack, which affected part of our cloud infrastructure.” “We have taken immediate steps and contained the attack. Risk mitigation measures were also implemented. The investigation is ongoing but we can already confirm that the Commission’s internal systems were not affected by the cyber-attack,” the spokesperson said. In a longer statement on its website, the Commission said the breach “affected its cloud infrastructure hosting the Commission’s web presence on the Europa.eu platform,” which hosts much of the Commission’s website data.  Bleeping Computer first reported news of the breach on Friday, citing sources with knowledge of the incident. The publication said hackers had stolen hundreds of gigabytes of data, including multiple databases, from the European Commission’s account on cloud giant Amazon Web Services. The hacker provided the publication evidence of their access, including screenshots. It’s not immediately clear what kinds of …

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck

United States law enforcement this week took down the Aisuru, Kimwolf, JackSkid, and Mossad botnets, a slate of cybercriminal tools that have infected more than 3 million devices around the world, including many inside home networks, and have been used to carry out record-breaking cyberattacks. Meanwhile, hundreds of millions of iPhones are currently vulnerable to takeover by a new tool called DarkSword that Russian hackers used to steal victims’ data. Customer service calls and chats with the Sears Home Services AI bot Samantha were exposed and publicly accessible until a researcher reported the situation—revealing personal details from calls and chats, including, in some cases, hours of extra audio seemingly recorded after customers thought a call had ended. And WIRED reviewed dozens of Telegram channels containing job listings for “AI face models.” The people who land the jobs are mostly women and are likely being used as the face of AI scams to steal victims’ money. Meta recently announced that it will eliminate end-to-end encryption protections for Instagram Direct Messages on May 8, citing low adoption …

FBI seems to seize website tied to Iranian cyberattack on Stryker

The FBI appears to have seized the website of an Iran-linked hacker group that claimed responsibility for the only known significant cyberattack on a U.S. company since war between the countries started in February. The site, which previously chronicled the group’s alleged exploits and hosted hacked files for download, on Tuesday was replaced with a boilerplate image with the logos of the Justice Department and FBI. The agencies didn’t reply to a request for comment. “Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign state actor,” the site says. The group, called Handala, is widely believed by American and Israeli cybersecurity experts who track it to be an operation by Iran’s Ministry of Intelligence and Security. The U.S. government has not publicly tied it to a particular Iranian agency. Last week, Handala took credit for hacking Stryker, a Michigan-based, Fortune 300 medical tech company with offices around the world. Handala’s X account was also suspended. But its Telegram channel …

Stryker says cyberattack on its network contained

March 17: Medical device maker Stryker said on Tuesday it has contained a cyberattack that caused widespread disruption to its business and was now prioritizing restoring systems that directly support customers, ordering and shipping. A cyberattack on March 11 had affected Stryker’s operations, hindering order processing, manufacturing and shipments. An Iran-linked hacking group called Handala claimed responsibility for the attack the same day, claiming it was retaliation for a strike on a girls’ school in Minab, southern Iran. Stryker’s staff found that cellphones, laptops and other remote devices that were running Microsoft’s Windows operating system and could connect to its computer platforms had been impacted by the attack. No patient-related services and connected medical products were affected, the company noted, though it did not reveal details on the financial impact of the attack. Stryker, which has 56,000 employees and operates in 61 countries, said it is coordinating with appropriate authorities and external cybersecurity experts as part of its investigation into the incident.