Security researchers at Patchstack discovered a new vulnerability in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated attackers to inject malicious code into websites. The flaw impacts the plugin’s CSS queue generation process and affects over six million active installations. The vulnerability, tracked as CVE-2024-47374, is an unauthenticated stored XSS issue that could lead to privilege escalation or data theft. The researchers noted that it exploits the plugin’s “Vary Group” functionality, which controls cache variations based on user roles.

According to security researchers at Socura, cybersecurity is now the fastest-growing IT role in the UK, but the share of women in such positions has fallen dramatically since 2021.  The researchers claimed the number of security professionals has more than doubled since Jan-Dec 2021, from 28,500 to 65,000 in March 2024.  An increase of 128% makes it the fastest-growing of any IT-related profession over that period, followed by IT support (42%), IT trainers (33%), and IT business analysts, architects, and systems designers (33%).

Security researchers at ESET have recently identified a new China-aligned threat group named CeranaKeeper, which is targeting governmental institutions in Thailand.  This group has been active since early 2022 and leverages an evolving toolset to exfiltrate sensitive data by abusing legitimate cloud services such as Dropbox, OneDrive, and GitHub.  While some of CeranaKeeper's tools were previously attributed to the Mustang Panda group, the researchers' new analysis revealed technical differences, suggesting these are distinct entities.

Security researchers at Netcraft have warned of a new wave of investment scams attempting to cash in on public awareness of the presidential debate last month. The researchers found 24 such domains related to the debate, including 14 phishing sites using the word “debate” in their domain. Many of the websites exploit the image of Republican presidential nominee Donald Trump, tech entrepreneur and billionaire Elon Musk, or a blend of both. The researchers noted that criminals likely use these personas to add legitimacy to their crypto investment theme.

Independent security researchers found a flaw in a web portal operated by the carmaker Kia that allowed them to track millions of cars, unlock doors, and start engines. The flaw discovered in the web portal enabled them to reassign control of most modern Kia vehicles' Internet-connected features, from the car owner's smartphone to their own phone or computer.

"Mustang Panda," a Chinese Advanced Persistent Threat (APT) group, is suspected of being behind an ongoing sophisticated cyber espionage campaign. It involves malicious emails, and the use of Visual Studio Code (VS Code) to spread Python-based malware, which gives attackers persistent remote access to infected machines. The Cyble Research and Intelligence Lab (CRIL) discovered the campaign spreading a .lnk file posing as a legitimate setup file to download a Python distribution package. It is actually used to run a malicious Python script.

Researchers at Akamai have found that the Common UNIX Printing System (CUPS) could be abused for large Distributed Denial-of-Service (DDoS) attacks following researcher Simone Margaritelli's warning regarding the system being vulnerable to unauthenticated Remote Code Execution (RCE). CUPS is an open source printing system based on the Internet Printing Protocol (IPP). It is mainly for Linux and UNIX-like operating systems. Margaritelli recently disclosed several unpatched CUPS vulnerabilities that, when chained together, can lead to RCE.