Funnel Builder Plugin Exploited for WooCommerce Skimming — The Hacker News

A critical vulnerability in the Funnel Builder plugin for WordPress is under active exploitation, allowing attackers to skim payment information from WooCommerce checkouts. The exploit involves inserting malicious scripts that capture sensitive data during transactions. Security teams should prioritize patching affected systems to prevent data theft and financial loss. Ensure all plugin updates are applied and monitor for any unusual activity on e-commerce sites.

Linux Kernel Vulnerability Exposes SSH Keys and Root Passwords — Google News Security (CN)

A newly disclosed high-risk vulnerability in the Linux kernel, present for six years, can allow attackers to extract SSH host keys and root passwords. This vulnerability affects multiple Linux distributions and poses a significant risk to systems relying on SSH for secure communications. Security teams should apply available patches immediately and consider rotating SSH keys and credentials to mitigate potential exposure.

• Linuxカーネルに影響する「Dirty Frag」脆弱性が公開、対策手順を案内 - CodeZine [Google News Security (JP)]
• Russian hackers turn Kazuar backdoor into modular P2P botnet [BleepingComputer]
• Linuxカーネルに「ssh-keysign-pwn」の脆弱性発覚--直近4度目 - ZDNET Japan [Google News Security (JP)]
• グーグルChromeに14件の「深刻」セキュリティ脆弱性、修正する方法も解説 - Yahoo!ニュース [Google News Security (JP)]