Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vuln…
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify…
Step Into the Password Graveyard… If You Dare (and Join the Live Session)
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don't need…
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring…
Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue
A sharp rise in digital fraud is costing companies worldwide an average of 7.7% of annual revenue, according to TransUnion’s H2 2025…
Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges
A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator…
OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups
OpenAI’s latest “Disrupting Malicious Uses of AI” report shows that hackers and influence operators are moving toward a more…
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol…
PoC Exploit Released for Critical Lua Engine Vulnerabilities
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote…
Cyber-Attack Contributes to Huge Sales Drop at JLR
Jaguar Land Rover (JLR) has revealed a 25% drop in volume sales in the three months up to September 30, largely as a result of the ongoing…
New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens
Cybersecurity researchers at Point Wild’s Lat61 Threat Intelligence Team have found a new infostealer called Shuyal Stealer, a malware…
Bybit Theft Drives Record-Breaking $2bn Haul for North Korea
North Korea-backed threat actors have stolen more than $2bn in cryptocurrency this year to fund the hermit state’s missile and nuclear…
Met Police Arrest Two Teens in Connection with Kido Attack
Two teenaged boys have been arrested following a cyber-attack and attempted extortion of a London nursery group, the Metropolitan Police has…
CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks
CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite…
Multiple Chrome Vulnerabilities Expose Users to Arbitrary Code Execution Attacks
Google has released Chrome version 141.0.7390.65/.66 for Windows and Mac, along with 141.0.7390.65 for Linux, addressing multiple critical…
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware…
Microsoft Signs 100 MW Solar PPA with Shizen Energy to Power AI in Japan
Microsoft continues to advance its renewable energy transition in Japan, having recently confirmed the signing of three new solar Power…
Evernote Relaunches as AI-First Note App with Semantic Search and OpenAI Assistant
Once the defining name in note-taking applications, Evernote had seen its presence wane in recent years. Yet under the stewardship of Italian…
Critical AWS VPN Client Flaw CVE-2025-11462 (CVSS 9.3) Allows Root Privilege Escalation on macOS
Amazon Web Services (AWS) has released an important bulletin warning users of a critical local privilege escalation in the AWS Client VPN…
Critical Nagios Flaw CVE-2025-44823 (CVSS 9.9) Leaks Plaintext Admin API Keys, PoC Available
researchers have identified two critical in Nagios Log Server, the enterprise log management solution widely used for centralized logging,…
Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog
A cross-site scripting (XSS) in Synacor Zimbra Collaboration Suite (ZCS) — tracked as CVE-2025-27915 — has been confirmed to be…
OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames
researcher David Leadbeater has disclosed a in OpenSSH, identified as CVE-2025-61984, which highlights how even minor quirks in command-line…
Chrome 141 Stable Fixes Two High-Severity Flaws: Heap Overflow in Sync and UAF in Storage
Google has released a new Stable Channel update for Chrome 141.0.7390.65/.66 on Windows and macOS and 141.0.7390.65 for Linux, addressing…
Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin
researchers at Wordfence have issued an urgent warning about an actively exploited authentication bypass in the Service Finder Bookings plugin…
CISA Adds Zimbra XSS Flaw to KEV After Active Exploitation
On October 6, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-27915—an actively exploited vulnerability…
Salesforce refuses to pay ransom over widespread data theft attacks
Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that…
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has…
Docker makes Hardened Images Catalog affordable for small businesses
The Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for…
Google won’t fix new ASCII smuggling attack in Gemini
Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with…
DraftKings warns of account breaches in credential stuffing attacks
Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of…
13-Year-Old RediShell Vulnerability Puts 60,000 Redis Servers at Risk
A new vulnerability in Redis, now known as RediShell (CVE-2025-49844), has put tens of thousands of servers at risk of remote compromise. The…
Clop exploited Oracle zero-day for data theft since early August
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early…
Qilin Ransomware Gang Claims Asahi Cyber-Attack
The Qilin ransomware group has claimed responsibility for the cyber-attack on Japan’s Asahi Group and says it has stolen sensitive data…
BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job…
North Korean hackers stole over $2 billion in crypto this year
North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record.…
Electronics giant Avnet confirms breach, says stolen data unreadable
Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen…
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as…
Microsoft kills more Microsoft Account bypasses in Windows 11
Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing…
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
A CVSS 10.0 deserialization vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution is now being actively exploited by…
Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them
Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically…
Redishell: The Critical 13-Year-Old Redis Vulnerability Need to be Patched
In early October 2025, a devastating remote code execution (RCE) vulnerability in Redis—known as Redishell (CVE-2025-49844)—shook…
Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation
A critical security flaw in Redis, a popular in-memory database platform used by about 75% of cloud environments, has left an estimated 60,000…
Qilin Claims Ransomware Attack on Mecklenburg Schools
A ransomware attack that disrupted operations at Mecklenburg County Public Schools (MCPS) in early September has been claimed by the Russian…