Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

February 20, 2025

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.
“The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation,” the AhnLab SEcurity Intelligence Center (ASEC)

Source: Read More

Previous ArticleChina-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware

Next Article Raymond Limited Confirms Cyberattack, Ensures Business Continuity

Highlights

CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

April 25, 2025

CVE ID : CVE-2025-3743

Published : April 25, 2025, 7:15 a.m. | 15 minutes ago

Description : The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the ‘add_offer_in_cart’ function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump, and arbitrarily update the discount applied to any order bump item, when adding it to the cart.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

All the WWE 2K25 locker codes that are currently active

PSA: You don’t need to spend $400+ to upgrade your Xbox Series X|S storage

UK civil servants saved 24 minutes per day using Microsoft Copilot, saving two weeks each per year according to a new report

These solid-state fans will revolutionize cooling in our PCs and laptops

Community News: Latest PECL Releases (06.03.2025)

Community News: Latest PECL Releases (06.03.2025)

A Comprehensive Guide to Azure Firewall

Test Job Failures Precisely with Laravel’s assertFailedWith Method

All the WWE 2K25 locker codes that are currently active

All the WWE 2K25 locker codes that are currently active

PSA: You don’t need to spend $400+ to upgrade your Xbox Series X|S storage

UK civil servants saved 24 minutes per day using Microsoft Copilot, saving two weeks each per year according to a new report

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

BitoPro Silent on $11.5M Hack: Investigator Uncovers Massive Crypto Theft

New Linux Vulnerabilities

Accelerated PyTorch inference with torch.compile on AWS Graviton processors

DRY – a common source of bad abstractions

Building SaaS Website #04: Creating the Pages (Part 2)

A Fresh Design for a Better Flowbite Experience

CVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

FM-Intent: Predicting User Session Intent with Hierarchical Multi-Task Learning

IT Security Expert Praveen Mishra Takes on CISO Role at Axis Finance

Tabëla formats tables into HTML or Markdown

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

Related Posts