Tag: EN

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 106

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CrashStealer: C++ macOS infostealer posing as crash reporter Lucide Proxy: Turning Student Web Proxies into DDoS Bots       AsyncAPI…

Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core

TL;DR: A critical pre-authentication Remote Code Execution (RCE) vulnerability, dubbed “wp2shell” (CVE-2026-63030), has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions, such as plugins or specific configurations. Given that WordPress powers…

OpenSSL Fixes HollowByte Memory Exhaustion Bug

Okta disclosed HollowByte, an 11-byte OpenSSL flaw that lets remote attackers exhaust server memory and trigger denial-of-service attacks. Okta’s Red Team disclosed a denial-of-service vulnerability in OpenSSL they named HollowByte, and the attack payload is exactly 11 bytes. A remote,…

AI Agent Runs First End-to-End Ransomware Attack

  Security researchers have long warned that AI would lower the barrier to cybercrime, but the latest case makes that threat tangible. In the operation described by Sysdig and covered by Forbes, an autonomous agent carried out the technical steps…