Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
syringe
Cybercriminals plan to make L7 routers serve card stealing code

One of the Magecart cybercriminal groups is testing a new method for grabbing users’ credit card info: malicious skimming code that can be loaded into files used by L7 …

storm
Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets

We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been …

WordPress
Attackers are exploiting WordPress plugin flaw to inject malicious scripts

Attackers are leveraging an easily exploitable bug in the popular WP Live Chat Support plugin to inject a malicious JavaScript in vulnerable sites, Zscaler warns. The company …

online shop owned
Compromised ad company serves Magecart skimming code to hundreds of websites

Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to …

Hand
Magecart compromises Feedify to get to hundreds of e-commerce sites

Customer engagement service Feedify has been hit by Magecart attackers, who repeatedly modified a script that it serves to a few hundred websites to include payment card …

Hand
Zip Slip vulnerability affects thousands of projects

An arbitrary file overwrite vulnerability that can be exploited by attackers to achieve code execution on a target system affects a myriad of projects and multiple ecosystems, …

Monero
Thousands of government, orgs’ websites found serving crypto mining script

On Sunday, over 4,200 websites around the world started hijacking visitors’ browsers to mine the Monero crypto currency. The attack The problem was first noticed and …

Wi-Fi
How to make public Wi-Fi users mine cryptocurrency for you

Covertly roping unsuspecting users’ machines into mining cryptocurrency is a dream for many aspiring cryptocurrency owners, and some of them set aside ethical …

Google Chrome
How to keep your browser and devices safe from cryptojackers

Cryptojacking makes surfing the web similar to walking through a minefield: you never know when you might land on a booby-trapped site. Stealthy cryptocurrency mining scripts …

hand
The Wild West of drive-by cryptocurrency mining

As more and more Coinhive clones continue popping up, chances of users’ CPU power being hijacked for cryptocurrency mining are rising. According to Malwarebytes’ …

Coinhive
Coinhive breached due to old, reused password

Coinhive has suffered another setback: their DNS records have been surreptitiously changed by attackers, allowing them to steal cryptocurrency mined via the project’s …

path
Compromised analytics provider made Equifax’s site point to malware

Yesterday’s revelation that Equifax’s credit report assistance Web page was spotted redirecting visitors to malware resulted in the company temporarily disabling …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools