Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation. [...]Source: https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-wordpress-woocommerce-payments-bug/
// Related reporting
Stryker ‘Handala’ incident: global Microsoft environment disruption and reported remote device wipes
Disruptive Iran-nexus hacktivist operation claims large-scale data destruction as Stryker restores services and CISA investigates.
Storm-2561 pushes fake VPN installers via SEO poisoning to steal enterprise credentials
A credential theft operation uses lookalike VPN download sites and GitHub-hosted ZIPs to drop signed malware that harvests VPN logins and configuration data.
BadPaw and MeowMeow: steganographic .NET malware hits Ukrainian targets
A ClearSky report details a new loader and backdoor pair, and Scythe shows how to operationalise it as continuous adversary emulation.