-
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to…
-
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities – CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw…
-
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. “The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors,” the Microsoft Threat Intelligence…
-
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka…
-
Intel slides as Wall Street digests ‘no quick fixes’
Intel stock falls 6.7% the day after CEO Lip-Bu Tan outlines early turnaround moves.
-
Construction begins on 47k-square-foot corporate industrial park in Troutdale
The firm acquired the first phase of the project in 2017 and purchased the land for the second phase of the park shortly after.
-
Oregon Humanities, after Trump cuts nearly half its budget, forges ahead
The organization convenes reflective conversations among Oregonians on tough topics.
-
Portland-based ChEmpower raises $18M series A for chipmaking technology
ChEmpower develops abrasive-free planarization technology for semiconductor manufacturing.
-
North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. “In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread
-
SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. “The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue,” ReliaQuest said in a report published this…
