Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites.
The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1.
Put differently, the issue could permit

https://thehackernews.com/2023/03/critic...lugin.html

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions.
The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich.
Attack chains mounted by the group commence with a

https://thehackernews.com/2023/03/resear...ation.html

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository.
The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to have been undertaken as a measure to prevent any bad actor from impersonating the service or

https://thehackernews.com/2023/03/github...a-ssh.html

THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk.
Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their

https://thehackernews.com/2023/03/thn-we...f-3rd.html

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware.
The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before attracting

https://thehackernews.com/2023/03/malici...icode.html

Photography during the Holocaust: Volkswagen supports exhibition “Flashes of Memo

Photography during the Holocaust: Volkswagen supports exhibition “Flashes of Memory” in German...

https://www.volkswagenag.com/en/news/202...ition.html

Ford to Build Next Electric Truck – ‘Project T3’ – at BlueOval City; BlueOva

Ford, the No. 2 EV brand in the U.S. in 2022, is on track with construction at BlueOval City mega-campus and poised to usher in a new era of American innovation and manufacturing.


https://media.ford.com/content/fordmedia...city-.html

VW's potential battery IPO attracts high investor interest, top shareholder says

<p>Hans Dieter Poetsch, chairman of Porsche SE, says that interest is extremely high from investors for a possible IPO of PowerCo.</p>

https://www.autonews.com/automakers-supp...r-interest

Ford's BlueOval City set to produce 500,000 electric pickups a year

<p>The $5.6 billion campus in western Tennessee will build a next-generation EV pickup codenamed Project T3 starting in 2025.</p>

https://www.autonews.com/manufacturing/f...ckups-year

U.S. Treasury to release EV battery sourcing rules next week

<p>The auto, battery and clean energy industries have been awaiting guidance on complex questions governing eligibility for hundreds of billions of dollars of incentives in the Inflation Reduction Act, signed into law last year.<br />
 </p>

https://www.autonews.com/manufacturing/u...-next-week