WordPress ThemeREX plugin flaw is being actively exploited to create rogue admin accounts

The flaw in the ThemeREX Addons plugin can be used to remotely execute code on websites.

Chinese-linked hackers employ two new backdors in attacks on gambling and betting companies in Southeast Asia

DRBControl group's malware and operational tactics overlap with similar tools and tactics used by Winnti and Emissary Panda hackers.

Iranian hacking campaign backdoors corporate networks via enterprise VPN servers

The campaign is believed to be the effort of three Iran-linked APT groups - APT33, APT34 and APT39.

US authorities released new info about North Korean malware

Each of the released MARs includes malware descriptions, suggested response actions, and recommended mitigation techniques.

500 Chrome extensions secretly pilfered data from millions of users

The extensions were part of a malvertising and ad-fraud campaign that has been active since at least since January 2019.