Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

The Hacker News Daily Updates
Newsletter
LATEST NEWS Mar 25, 2023

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals ...


Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT LAN Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. ...


OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company ...


Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before ...


THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify ...


GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository. The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to have been undertaken as a measure to prevent any bad actor from impersonating the service ...


Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. Attack chains mounted by the group commence with ...


Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1. Put differently, the issue could ...
