A new malware campaign targets WordPress sites using a fake security plugin, “WP-antymalwary-bot.php.” Once installed, it grants attackers admin access, executes remote code, and injects malicious JavaScript for ad fraud.

The attack chain starts with a disguised shortcut file, leading to PowerShell-based payload delivery and the deployment of a sophisticated Remote Access Trojan (RAT) for persistent access and data exfiltration.

CVE-2025-31650 allows attackers to bypass security rules and trigger denial-of-service by sending malformed HTTP priority headers, causing memory leaks and server crashes.

The attack chain leverages steganography to hide malware in image files, ultimately granting attackers remote control over infected Windows systems.

Every week, our newsletter offers a simple roundup of the most important news, expert opinions, and practical tips to help you protect your online information and stay ahead of potential threats.

Cybercriminals are leveraging the legitimate GetShared platform to bypass email security and deliver malware.

A critical zero-day (CVE-2025-31324, CVSS 10.0) in SAP NetWeaver Visual Composer is being exploited to deploy webshells, granting attackers full system access.

CVE-2025-31191 lets sandboxed apps delete and replace keychain entries, bypassing macOS security boundaries and enabling arbitrary file access.

In this edition, we examine recent cyberattacks, security weaknesses that have been discovered, and important updates related to laws and regulations affecting businesses everywhere.

This C# malware targets Windows systems, stealing browser data, cryptocurrency wallets, credit card details, and more.

Attackers use phishing emails and a novel “ClickFix” technique, which manipulates users into granting additional privileges through fake system prompts.

This Cyber News was published on cybersecuritynews.com. Publication date: Sun, 04 May 2025 15:55:06 +0000