Website hacks

A critical SolarWinds Web Help Desk vulnerability (CVE-2025-26399) allows attackers to execute commands via deserialization flaws. CISA warns organizations to patch immediately.

India Post GDS Phishing Scam: Fake Website Warning for Job Seekers

Posted: February 04, 2026

Categories: Phishing, Website hacks, Financial fraud, Fraud Protector, Mobile Frauds

Tags: fp-1b, fp-1a

Author: Npav Lab

Fake India Post GDS recruitment websites are stealing user data. Learn how to identify phishing sites and stay protected with NPAV security.

Hackers Hijack Fake Homebrew Sites to Deliver Malware on macOS Devices

Posted: October 14, 2025

Categories: Malware Alerts, Browser Hijack, Hacker, Website hacks

Comments: 1

Tags: fp-4c, fp-3b, fp-3a, fp-1b, fp-1a, fp-

Author: Npav Lab

Kandji uncovers a September 2025 campaign where attackers clone Homebrew sites to inject malware like Odyssey Stealer via clipboard tricks—exploit C2 servers and bypass trust; mitigate by verifying sources and using endpoint monitoring.

Public Wi-Fi Dangers: How to Browse Safely Without Getting Hacked

Posted: October 10, 2025

Categories: Browser Hijack, Hacking, Hacker, Website hacks

Tags: fp-1b, fp-1a

Author: Npav Lab

Public Wi-Fi exposes you to MitM attacks and data theft—learn to spot evil twin hotspots, use VPNs for encryption, enable 2FA, and stick to cellular for sensitive tasks to protect against rising breaches in cafes and airports.

Figma MCP Vulnerability CVE-2025-53967 Enables Remote Code Execution—Update to v0.6.3 Now

Posted: October 09, 2025

Categories: Hacking, vulnerability, Website hacks, AI

Tags: fp-1b, fp-1a

Author: Npav Lab

Critical command injection flaw in Figma's MCP server (CVSS 7.5) allows RCE via unsanitized inputs in curl fallback; patched in v0.6.3. Imperva warns of risks in AI dev tools like Cursor—avoid exec with untrusted data amid rising LLM threats like Gemini's ASCII smuggling.

KrasAvia Cyberattack Disrupts Website and Flight Operations, Forcing Manual Procedures

Posted: September 19, 2025

Categories: Cyber Attack, Website hacks

Tags: fp-1b

Author: Npav Lab

Russian regional airline KrasAvia suffers a cyberattack causing website outage and halting online ticket sales. Flight operations switch to manual control as investigation continues.

Netflix, Microsoft, and Bank of America Targeted by Scam: Fake Phone Numbers Injected into Websites

Posted: June 25, 2025

Categories: Bank Phishing, Data Breach, Microsoft, Website hacks

Tags: #usersafety, #searchparameterinjection, #scamalert, #phishing, #netflix, #microsoft, #fakephonenumbers, #cybersecurity, #bankofamerica

Author: Npav Lab

A sophisticated scam operation is hijacking websites of major companies like Netflix, Microsoft, and Bank of America to display fake phone numbers. Learn how these scams work and how to protect yourself.

Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers

Posted: June 25, 2025

Categories: Malware Alerts, Data Breach, Website hacks

Tags: #wordpresssecurity, #woocommerce, #rogueplugins, #malwarecampaign, #ecommercesecurity, #cyberthreats, #creditcardskimmers, #credentialtheft

Author: Npav Lab

A sophisticated malware campaign is targeting WordPress and WooCommerce sites with obfuscated credit card skimmers and credential theft tools. Learn about the advanced techniques and implications of this growing e-commerce cyber threat.

New TxTag Phishing Scam Uses .gov Domain to Deceive Employees

Posted: June 20, 2025

Categories: Cyber Attack, Phishing, Website hacks

Tags: txtag phishing scam, toll payment phishing, social engineering tactics, phishing attack, government domain spoofing, financial fraud, employee security, cybersecurity awareness, credential theft

Author: Npav Lab

A new phishing campaign targeting employees uses fake TxTag toll payment notices and government domain spoofing to steal personal and financial information. Learn how to recognize and avoid this sophisticated scam.