Threat Post

1. Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

   Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

2. DOJ Says Doctor is Malware Mastermind

   The U.S. Department of Justice indicts middle-aged doctor, accusing him of being a malware mastermind.

3. APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

   Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

4. April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

   Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

5. Sysrv-K Botnet Targets Windows, Linux

   Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

6. iPhones Vulnerable to Attack Even When Turned Off

   Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

7. Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

   Microsoft's May Patch Tuesday update is triggering authentication errors.

8. Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

   An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

9. Malware Builder Leverages Discord Webhooks

   Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

10. You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

    Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.