bleedingobvious - Slashdot User

Submission + - Hackers Abuse Blockchain Smart Contracts to Spread Malware (WordPress) (thehackernews.com)

Submitted by bleedingobvious on Friday October 17, 2025 @06:18AM

bleedingobvious writes: A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers, such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems.

"UNC5142 is characterized by its use of compromised WordPress websites and 'EtherHiding,' a technique used to obscure malicious code or data by placing it on a public blockchain, such as the BNB Smart Chain," Google Threat Intelligence Group (GTIG) said in a report shared with The Hacker News.

As of June 2025, Google said it flagged about 14,000 web pages containing injected JavaScript that exhibit behavior associated with an UNC5142, indicating indiscriminate targeting of vulnerable WordPress sites. However, the tech giant noted that it has not spotted any UNC5142 activity since July 23, 2025, either signaling a pause or an operational pivot.

Submission + - Hackers Deploy Stealth Backdoor in WordPress Plugins (thehackernews.com)

Submitted by bleedingobvious on Friday July 25, 2025 @02:35AM

bleedingobvious writes: Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions.

Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins" directory by default.

Submission + - Hackers Exploit SAP RCE Flaw (thehackernews.com)

Submitted by bleedingobvious on Friday May 09, 2025 @03:17AM

bleedingobvious writes: A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.

Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025.

CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

The vulnerability was first flagged by ReliaQuest late last month when it found the shortcoming being abused in real-world attacks by unknown threat actors to drop web shells and the Brute Ratel C4 post-exploitation framework.

According to Onapsis, hundreds of SAP systems globally have fallen victim to attacks spanning industries and geographies, including energy and utilities, manufacturing, media and entertainment, oil and gas, pharmaceuticals, retail, and government organizations.

Submission + - WordPress Plugin Flaws Expose 200k+ Sites to Remote Attacks (thehackernews.com)

Submitted by bleedingobvious on Friday November 29, 2024 @01:01AM

bleedingobvious writes: Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution

Slashdot Top Deals