20,000 WordPress Sites Affected by Backdoor Vulnerability Allowing Malicious Admin User Creation

A critical backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor, a popular WordPress plugin used by more than 20,000 active sites. This security flaw allows attackers to create administrator accounts without any authentication, putting thousands of websites at risk of complete takeover. The vulnerability, tracked as CVE-2026-0920, carries a CVSS score […]
MacSync macOS Infostealer Leverages ClickFix-style Attack to Trick Users into Pasting a Single Terminal Command

A sophisticated macOS malware called MacSync has emerged as a dangerous new threat targeting cryptocurrency users through deceptive social engineering tactics. The infostealer operates as an affordable Malware-as-a-Service tool designed to harvest sensitive data from macOS systems by convincing victims to paste a single command into their Terminal application. Security researchers discovered MacSync while investigating […]
Nike Allegedly Hacked by WorldLeaks Ransomware Group

Athletic footwear and apparel manufacturer Nike has become the latest victim of WorldLeaks, a financially motivated ransomware group known for data extortion attacks. The group announced the breach on its darknet leak site on January 22, claiming responsibility for the incident and threatening to release stolen data on January 25, 2026, at 6 PM GMT. […]
New Osiris Ransomware Using Wide Range of Living off the Land and Dual-use Tools in Attacks

A newly discovered ransomware family called Osiris launched attacks against a major food service company in Southeast Asia during November 2025. Security researchers have identified this threat as a completely new malware variant with no connection to an older ransomware family that shared the same name in 2016. The emergence of Osiris marks another addition […]
Researchers Detailed r1z Initial Access Broker OPSEC Failures

U.S. authorities have pulled back the curtain on “r1z,” an initial access broker who quietly sold gateways into corporate networks around the world. Operating across popular cybercrime forums, he offered stolen VPN credentials, remote access to enterprise environments, and custom tools designed to bypass security controls. His activity fed the ransomware supply chain by giving […]
New ClearFake Campaign Leveraging Proxy Execution to Run PowerShell Commands via Trusted Window Feature

ClearFake has entered a new and more dangerous phase, turning a familiar fake CAPTCHA scam into a highly evasive malware delivery chain. Across hundreds of hacked websites, visitors now see what looks like a routine verification challenge, but behind the scenes the page is preparing to launch hidden code. Victims only need to follow simple […]
Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware

A large-scale campaign is turning a trusted Windows security driver into a weapon that shuts down protection tools before ransomware and remote access malware are dropped. The attacks abuse truesight.sys, a kernel driver from Adlice Software’s RogueKiller antivirus, and use more than 2,500 validly signed variants to quietly disable endpoint detection and response (EDR) and […]
New Magecart Attack Injects Malicious JavaScript to Skim Payment Data

A new Magecart-style campaign has emerged, targeting online shoppers through malicious JavaScript code designed to steal payment information directly from ecommerce websites. The attack works by injecting hidden scripts into compromised shopping sites, allowing attackers to intercept sensitive data when customers enter their credit card details during checkout. Magecart attacks represent a significant threat to […]
Critical Oracle WebLogic Server Proxy Vulnerability Lets Attackers Compromise the Server

Oracle has disclosed a severe security vulnerability affecting its Fusion Middleware suite, specifically targeting the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in. Assigned CVE-2026-21962, this flaw carries the maximum severity rating and poses an immediate threat to enterprise environments that use these proxy components. The vulnerability stems from a defect in how […]
New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale

A groundbreaking experiment has revealed that advanced language models can now create working exploits for previously unknown security vulnerabilities. Security researcher Sean Heelan recently tested two sophisticated systems built on GPT-5.2 and Opus 4.5, challenging them to develop exploits for a zero-day flaw in the QuickJS JavaScript interpreter. The results point to a significant shift […]