The fileless attack uses a phishing campaign that lures victims with information about a worker’s compensation claim.
A researcher claims that the issue can be exploited by attackers in order to gain root access.
Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.
The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras.
AgentTesla, LimeRAT, W3Cryptolocker and Redline Stealer are now using Paste.nrecom in spear-phishing attacks.
The MosaicRegressor espionage framework is newly discovered and appears to be the work of Chinese-speaking actors.
A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.