web security
-
SEO-poisoning BadIIS malware tied to Operation Rewrite targets East and Southeast Asia, researchers say
Security researchers say a Chinese-speaking actor is using the BadIIS malware in an Operation Rewrite SEO-poisoning campaign to hijack search results via a compromised IIS proxy, targeting East and Southeast Asia with Vietnam as a focus.
-
Adobe patches critical SessionReaper flaw in Magento platforms (CVE-2025-54236)
Adobe has released a patch for a critical Magento vulnerability known as SessionReaper (CVE-2025-54236) that could allow unauthenticated access to customer accounts via the Commerce REST API. While Adobe says no exploitation has been observed, researchers warn the issue could be exploited at scale and urge immediate patching, with Cloud customers protected by an existing…
-
Cybersecurity Experts Discover Stealthy Backdoor in WordPress Sites
Cybersecurity researchers have uncovered a dangerous backdoor embedded in WordPress sites’ mu-plugins directory, giving hackers persistent access to execute commands without detection.
-
Widespread Browser Hijacking Campaign Disguised as Popular Extensions
A report by Koi Security has exposed a malicious browser hijacking campaign that has infected over 2.3 million users through seemingly legitimate extensions, highlighting significant security concerns in the browser extension ecosystem.
