The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.
A WordPress plugin installed on over 300,000 sites was recently modified to download and install a hidden backdoor. The WordPress team has intervened and removed this plugin from the official WordPress Plugins repository, also providing clean versions for affected customers.
Many Android users may still have a backdoor on their device, according to new revelations made today by the Malwarebytes' mobile security research team.
German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more.
Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers.
One of the world's lesser-known operating systems may actually be the most used OS in the world, according to new revelations made by Google's Linux experts.
Oracle has released patches for a security issue affecting the Oracle Identity Manager that has received a rare 10 out of 10 score on the CVSSv3 bug severity scale.
A popular satellite communications (SATCOM) system installed on ships across the world is affected by two serious security flaws — a hidden backdoor account with full system privileges access and an SQL injection in the login form.
After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Don't Use Hard-coded Keys)
Russia has fined Telegram 800,000 Russian ruble — approximately $14,000 — for failing to comply with a government order that required the company to provide access to encrypted conversations to Russian intelligence agency FSB.
Gjoko Krstic, a security researcher with Zero Science Labs, has discovered secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, Inc., one of the largest vendor of such products.
Officials reminded everyone this week that governments in the US and UK have not given up on their efforts to force tech companies to provide encryption backdoors, despite previous attempts being shut down following public outcry.
A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO."
Security researchers from Trend Micro published a report detailing a new malware family named ZNIU that uses Dirty COW to root devices and plant a backdoor.
For the past two and a half months, a WordPress plugin named Display Widgets has been used to install a backdoor on WordPress sites across the Internet.
A remote access trojan (RAT) offered as a free download on underground hacking forums comes with a secret backdoor that grants the original author access to all the victim data.
Security researchers have found five gaping holes in the firmware running on Arris modems, three of which are hardcoded backdoor accounts.
Researchers from Positive Technologies — a provider of enterprise security solutions — have found a way to disable the Intel Management Engine (ME), a much-hated component of Intel CPUs.
Three researchers from New York University (NYU) have published a paper this week describing a method that an attacker could use to poison deep learning-based artificial intelligence (AI) algorithms.