Analysis, product insight, and practical reads for builders

Russian hacker group Secret Blizzard has upgraded the Kazuar backdoor into a modular, peer-to-peer botnet designed for long-term persistence, stealth, and data exfiltration. The malware now uses three modules—Kernel (leader election and task orchestration), Bridge (external C2 proxy), and Worker (keylogging, screenshots, data harvesting, and reconnaissance)—with around 150 configurable options, including AMSI, ETW, and WLDP bypasses. Communications are AES-encrypted and protobuf-serialized via IPC. Microsoft warns this evolution increases evasion, urging defenses to emphasize behavioral detection. The botnet targets government and critical infrastructure across Europe, Asia, and Ukraine.

Security researchers revealed a critical unauthenticated vulnerability in Funnel Builder for WordPress that lets attackers inject malicious JavaScript into WooCommerce checkout pages, enabling theft of credit card data. The flaw affects all versions prior to 3.15.0.3 and can be triggered through an exposed checkout endpoint to modify the plugin’s External Scripts setting, loading a skimmer that collects card numbers, CVVs, billing addresses, and other customer data. The malicious payload is disguised as a fake Google Tag Manager/Analytics script and communicates with an attacker-controlled server. FunnelKit released version 3.15.0.3 to fix the issue; admins should update immediately and audit External Scripts for rogue entries. The attack was detected by Sansec and reportedly affects more than 40,000 sites.

Two flaws in the Avada Builder WordPress plugin (CVE-2026-4782 and CVE-2026-4798) could let attackers read arbitrary files (potentially exposing wp-config.php) and perform a time-based SQL injection, affecting roughly one million installations. Exploitation paths include authenticated subscriber access for file reads and unauthenticated access when WooCommerce is present and later deactivated. Patches were released as 3.15.2 (partial) and 3.15.3 (fully patched); version 3.15.3 was released on May 12, 2026, and site owners should update immediately.

Microsoft is piloting Cloud-Initiated Driver Recovery to remotely roll back faulty Windows Update drivers to a previous stable version, eliminating the need for partners or users to intervene. The recovery, managed entirely by Microsoft through Windows Update for drivers rejected during shiproom evaluation, will be tested May–August 2026 and roll out starting September 2026 as part of the Driver Quality Initiative and broader resiliency efforts.