Threat actors hide malware in WordPress mu-Plugins, exploiting 4 CVEs in 2024 to hijack websites.
Gamaredon targets Ukraine with Remcos RAT via phishing using LNK files tied to reused infrastructure.
Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection.
The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the rise, with threat actors now utilizing the folder to run three distinct types of malicious code.
“The fact that we’ve seen so many infections inside mu-plugins suggests that attackers are actively targeting this directory as a persistent foothold,” explains Sucuri’s security analyst Puja Srivastava.
Sam’s Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach.
The Walmart division operates over 600 warehouse clubs with millions of members across the United States and Puerto Rico and almost 200 additional locations in Mexico and China.
Sam’s Club has over 2.3 million employees and reported a total revenue of $84.3 billion for the fiscal year ending January 31, 2023.
Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components.
The issues allow local unprivileged users to create user namespaces with full administrative capabilities and impact Ubuntu versions 23.10, where unprivileged user namespaces restrictions are enabled, and 24.04 which has them active by default.
Linux user namespaces allow users to act as root inside an isolated sandbox (namespace) without having the same privileges on the host.
Microsoft has removed the ‘BypassNRO.cmd’ script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system.
This change was introduced in the latest Windows 11 Insider Dev preview build, which means it will likely be coming to production builds.
“We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11,” reads the Windows 11 Insider Preview Build 26200.5516 release notes.
A phishing-as-a-service (PhaaS) platform named ‘Lucid’ has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android).
Lucid, which has been operated by Chinese cybercriminals known as the ‘XinXin group’ since mid-2023, is sold to other threat actors via a subscription-based model that gives them access to over 1,000 phishing domains, tailored auto-generated phishing sites, and pro-grade spamming tools.
Prodaft researchers note that XinXin has also been using the Darcula v3 platform for its operations, which indicates a potential connection between the two PhaaS platforms.
Phoshop is integrating AI so you don’t have to seach for images online Photoshop’s new AI text to image feature allows you to just describe the image with text and the program generates the image
Posted in robotics/AI | Leave a Comment on Phoshop is integrating AI so you don’t have to seach for images online Photoshop’s new AI text to image feature allows you to just describe the image with text and the program generates the image
Phoshop is integrating AI so you don’t have to seach for images online Photoshop’s new AI text to image feature allows you to just describe the image with text and the program generates the image. This is really cool as it augments a designer’s capacity and greatly improves their workflow creating dynamic results.
Log into Facebook to start sharing and connecting with your friends, family, and people you know.
A new coalition of rights-holders has called on the government to support growth in the creative and tech sectors by protecting copyright ahead of an imminent AI consultation.
The BPI, PRS For Music, PPL, MPA and UK Music are among the group of publishers, authors, artists, music businesses, specialist interest publications, unions and photographers.
Launching today, the Creative Rights In AI Coalition has published three key principles for copyright and generative AI policy and a statement supported by all member organisations. The coalition is calling on government to adopt the principles as a framework for developing AI policy.
Here’s my take: I was in the music industry for many years, so I know how it operates. People pay royalties every time an artists music is used. My friend Ayub Ogada made an ungodly amount of money from only one album that supported him all the way past death. His music still generates rotalties. Much of it was due to the smarts of Rob Bozas who ran royalties for Peter Gabriel’s Real World Records. AI companies also will have to start paying royalties to creatives whose intellectual property they use to train their AI just like royalties are paid in the music industry. Many AI companies may not be as profitable as many may think due to liabilities from use of intellectual property to train the AI, as without the content the AI could not be trained. Many lawsuits will happen in the foreseeable future.
In their ongoing efforts to push the boundaries of quantum possibilities, physicists at WashU have created a new type of “time crystal,” a novel phase of matter that defies common perceptions of motion and time. The WashU research team includes Kater Murch, the Charles M. Hohenberg Professor of Physics Assistant Professor, Chong Zu, assistant professor of physics, and Zu’s graduate students Guanghui He, Ruotian “Reginald” Gong, Changyu Yao, and Zhongyuan Liu. Other authors are Bingtian Ye from MIT and Harvard’s Norman Yao.