Cyber threat actors are exploiting a CMS editor, FCKeditor, discontinued 14 years ago, to compromise educational and government entities on a global scale. Exploiting open redirects in the editor, attackers perform phishing, malware distribution, and scams, deceiving users with seemingly legitimate domains.

Because open redirects use trusted domains, they can evade security filters and gain visibility in search engine results, making them effective in SEO poisoning campaigns. Although they do not host malicious content directly, these open redirects persist in search results until reported for takedown.

The campaign was uncovered when a cybersecurity researcher observed Google Search results for 'Free V Bucks' generators on university sites. The attackers targeted educational institutions like MIT and Columbia University, and government sites such as those of Virginia and Austin, Texas.

The outdated FCKeditor plugin is employed in this campaign, allowing the threat actors to deploy static HTML pages and redirects to malicious sites. Compromised instances pose as legitimate content under the original domain, poisoning search engines with deceptive results.

FCKeditor was deprecated in 2010 and replaced by CKEditor, which offers enhanced features and support. Despite its discontinuation, some organizations, including universities and governments, continue to use the obsolete software.

The campaign illustrates the risk of outdated software on sites, enabling cybercriminals to manipulate SEO rankings for malicious purposes. Similar incidents have been observed in the past, with threat actors abusing open redirects on government sites for redirection to fake adult sites. The report emphasizes the importance of organizations keeping software updated to mitigate security risks.