Security Links
The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
#PHISHING
LOTS Project - Living Off Trusted Site

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.

https://lots-project.com/
CaniPhish Blog

Follow the latest phishing trends by reading articles published by the CanIPhish team.

https://caniphish.com/phishing-resources/blog
VirusTotal

Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.

https://www.virustotal.com/
Palo Alto Networks URL Filtering

Enter a domain or URL into the search engine to view details about its current URL categories. To request recategorization of this website, click Request Change below the search results.

https://urlfiltering.paloaltonetworks.com/query/
Jigsaw

The quiz for phishing. Can you spot when you’re being phished? Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what's fake?

https://phishingquiz.withgoogle.com/
phish.ly

Analyze suspicious emails with Tines & urlscan. Forward a suspicious email (or an .eml attachment) to scan@phish.ly, Tines will automatically analyze the URLs with urlscan and send you a report.

https://phish.ly/