Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework.
The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute commands shells, demonstrating a significant evolution.
"The key
A vulnerability was found in FancyPost Plugin up to 6.0.0 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to missing authorization.
This vulnerability is handled as CVE-2024-10536. The attack may be launched remotely. There is no exploit available.
A vulnerability was found in School Management System Plugin up to 1.0.8 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to incorrect privilege assignment.
This vulnerability is uniquely identified as CVE-2024-12470. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability classified as critical was found in payuplugin PayU CommercePro Plugin up to 3.8.3 on WordPress. This vulnerability affects unknown code of the file /wp-json/payu/v1/generate-user-token of the component REST API Endpoint. The manipulation leads to improper authentication.
This vulnerability was named CVE-2024-12264. The attack can be initiated remotely. There is no exploit available.