Security
Internet
Researchers Find Backdoor in School Management Plugin for WordPress
Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary total control over vulnerable websites.
The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity.
The backdoor, which is believed to have existed since version 8.9, enables "an
Internet
Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks.
Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to associate to a Redis instance and achieve code execution. "A successful exploit could allow
Internet
Researchers Uncover Rust Supply Chain Attack Targeting Cloud CI Pipelines
A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware.
Cybersecurity firm SentinelOne dubbed the attack "CrateDepression."
Typosquatting attacks take place when an adversary mimics the name of a popular package on a public registry in hopes that developers
Internet
Cytrox’s Predator Spyware Targeted Android Users with Zero-Day Exploits
Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took virtue of the time difference between when some critical bugs were patched