Gelsemium: When threat actors go gardening

ESET researchers shed light on new campaigns from the quiet Gelsemium group. Since mid-2020, ESET Research has been analyzing multiple campaigns, later attributed to the Gelsemium cyberespionage group, and has tracked down the earliest version of their main malware, Gelsevirine, to 2014. During the investigation, ESET researchers found a new version of Gelsevirine, a backdoor …

Hundreds of suspected criminals arrested after being tricked into using FBI‑run chat app

Law enforcement around the world used a messaging app called AN0M to monitor the communications of alleged criminals. The Australian Federal Police (AFP), the United States’ Federal Bureau of Investigation (FBI) and other law enforcement agencies from 16 countries recently led a global crime bust that resulted in the arrests of more than 800 alleged …

Zero‑day in popular WordPress plugin exploited to take over websites

Websites using Fancy Product Designer are susceptible to remote code execution attacks even if the plugin is deactivated. Cybercriminals have been actively exploiting a zero-day vulnerability in Fancy Product Designer, a WordPress plugin used by more than 17,000 websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web publishing platform. Attackers …