CISTCK GROUP
  • Home
  • About Us
  • Our Clients
  • Services
    • MSSP
  • Products
    • Smart City Solutions
  • Contact Us
  • BLOG
Select Page
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

by admin | Jul 17, 2026 | Uncategorized

An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates...
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

by admin | Jul 17, 2026 | Uncategorized

Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory,...
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

by admin | Jul 17, 2026 | Uncategorized

Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of...
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

by admin | Jul 17, 2026 | Uncategorized

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image...
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

by admin | Jul 17, 2026 | Uncategorized

Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27,...
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

by admin | Jul 17, 2026 | Uncategorized

North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. “Any user who ran the project...
« Older Entries

Recent Posts

  • New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
  • OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
  • Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
  • New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
  • GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

Recent Comments

No comments to show.

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • November 2021
  • October 2021
  • April 2021
  • March 2021

Categories

  • Analysis
  • App
  • Cryptocurrency
  • Healthcare
  • Mobile
  • Technology
  • Uncategorized

Categories

  • Analysis
  • App
  • Cryptocurrency
  • Healthcare
  • Mobile
  • Technology
  • Uncategorized

Tags

Analytics Automation CSS Customer Data Edge Computing Healthcare Industry Marketing ransomware ransomware attack ransomware protection Sports Technology Warehouse
CISTCK Group

About Us

CISTCK Group is the most trusted partner for some of the world’s leading enterprises, innovators, SMEs and technopreneurs. We help businesses levitate their excellence through custom software development, UI/UX design, MVPs, Software Testing, and consultancy services.

  • Testing & QA
  • Custom Software Development
  • Website Development
  • IT Support Services
  • Software Support & Maintenance
  • E-Learning – LMS

Smart everything, connect and control remotely from your mobile device.

  • About us
  • FAQ
  • Our History
  • Facebook
  • X
  • Instagram
  • RSS

Designed by Elegant Themes | Powered by WordPress