Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.
[...]
A sophisticated threat actor has hijacked email security connections to spy on targets.
Source: Threat Post – Web Security – Mimecast Certificate
[...]
The underground payment-card data broker saw its blockchain DNS sites taken offline after an apparent law-enforcement effort.
Source: Threat Post – Web
[...]
Examining the backdoor’s DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation
[...]