Posts

Showing posts from June, 2026

Lazarus Group Uses npm Brandjacking Campaign to Target Developers

Security researchers disclosed a new software supply chain campaign attributed to the North Korean threat actor Lazarus Group. The operation targets software developers through malicious packages uploaded to the npm registry, one of the world's largest repositories for JavaScript software components. Unlike traditional typosquatting attacks that rely on simple spelling mistakes, this campaign uses a more sophisticated technique known as brandjacking, where malicious packages are intentionally designed to appear related to legitimate and widely trusted open-source projects. According to research conducted by Sonatype, dozens of malicious packages were identified as part of the campaign, with some accumulating hundreds of downloads before detection and removal. The attackers created package names that appeared to be extensions, companion tools, utilities, or ecosystem components associated with popular projects such as React, Express, Webpack, Chai, JWT libraries, and Buffer. By usi...

Critical Everest Forms Pro WordPress Plugin Flaw Under Active Exploitation

Threat actors are actively exploiting a critical remote code execution vulnerability in Everest Forms Pro, a WordPress plugin used by approximately 4,000 websites. The flaw, tracked as CVE-2026-3300 with a near-maximum CVSS score of 9.8, allows completely unauthenticated attackers to execute arbitrary PHP code on affected servers and take full control of vulnerable sites.

What the Vulnerability Does

The root cause of the flaw lies in the Calculation Addon's process_filter() function, which takes user-submitted form field values and concatenates them directly into a PHP code string before passing it to PHP's eval() function without proper escaping. The sanitization function applied to user input does not strip single quotes or other PHP-specific characters, meaning an attacker can simply submit a crafted value through any standard string-type form field, including text, email, URL, select, or radio fields, on any form that uses the "Complex Calculation" feature. T...