SecurityWeek reports that more than 17,000 WordPress sites, including 9,000 sites vulnerable to the recently addressed TagDiv Composer front-end page builder plugin flaw, tracked as CVE-2023-3169, have been infected as part of the long-running Balada Injector campaign.
BleepingComputer reports that information- and cryptocurrency-stealing malware was discovered across 272 Python packages with nearly 75,000 downloads, part of a malicious campaign that has become increasingly sophisticated during the last six months.
Hundreds of GitHub repositories have been targeted with fraudulent commits purportedly from GitHub's free automated dependency management tool Dependabot in a bid to facilitate malicious code injections and sensitive project data exfiltration, reports SecurityWeek.
OpenSea has confirmed being impacted by a third-party security breach, marking the third attack against the major non-fungible token marketplace following a third-party hack and phishing incident in June 2022 and February 2022, respectively, SiliconAngle reports.
Nansen impacted by third-party breach
BleepingComputer reports that Ethereum blockchain analytics firm Nansen has disclosed that its third-party authentication provider was impacted by a data breach, which resulted in the compromise of data from 6.8% of its user base over a 48-hour period.
Given WinRAR’s popularity, researchers think the threat actor behind the fake PoC may have been targeting “other miscreants” looking to add a remote code exploit to their toolkit.