A hacker changed the code of five plugins on WordPress.org to add harmful PHP scripts that make new admin accounts on websites using the plugins. The Wordfence Threat Intelligence team found the attack yesterday, but the injections happened between June 21 and June 22, last week. Wordfence found a breach …

CISA released two advisories about Industrial Control Systems (ICS) on June 25, 2024. The advisories contain important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-177-01 ABB Ability System 800xA: Successful exploitation of these vulnerabilities could cause services to crash and restart. ICSA-24-177-02 PTC Creo Elements/Direct License Server: …

CISA warns that its Chemical Security Assessment Tool (CSAT) was hacked in January. Hackers used a webshell on the Ivanti device, which may have exposed important security assessments and plans. In March, The Record revealed that CISA had a breach after the Ivanti device was exploited, leading to two systems …