17 Jul, 2026

Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). WordPress security firm Wordfence says that it blocked 8.7 million attack attempts against its customers in just two days, October 8 and 9. The campaign expoits three […]

2 mins read

Critical WSUS flaw in Windows Server now exploited in attacks

Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. Tracked as CVE-2025-59287, this remote code execution (RCE) flaw affects only Windows servers with the WSUS Server role enabled to act as an update source for other WSUS servers within the organization (a feature that isn’t […]

2 mins read

Fake LastPass death claims used to breach password vaults

LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. The activity started in mid-October, and the domains and infrastructure used point to a financially motivated threat group called CryptoChameleon (UNC5356). CryptoChamemelon employs a phishing kit specializing in cryptocurrency theft, targeting multiple wallets […]

2 mins read

Windows Server emergency patches fix WSUS bug with PoC exploit

Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. WSUS is a Microsoft product that enables IT administrators to manage and deliver Windows updates to computers within their network. Tracked as CVE-2025-59287, this remote code execution (RCE) security flaw affects only Windows […]

2 mins read

Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland

​The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. At Pwn2Own Ireland 2025, competitors targeted products in eight categories, including printers, network storage systems, messaging apps, smart home devices, surveillance equipment, home networking equipment, flagship smartphones (Apple iPhone 16, Samsung Galaxy S25, and Google Pixel 9), and wearable […]

2 mins read

Toys “R” Us Canada warns customers’ info leaked in data breach

Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems. The company discovered the data leak on July 30, 2025, when a threat actor posted on the dark web what they claimed to […]

2 mins read

CISA warns of Lanscope Endpoint Manager flaw exploited in attacks

The Cybersecurity & Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in the Motex Landscope Endpoint Manager. The flaw is tracked as CVE-2025-61932 and has a critical severity score of 9.3. It stems from improper verification of the origin of incoming requests, and could be exploited by an unauthenticated attacker to execute […]

2 mins read

Microsoft disables File Explorer preview for downloads to block attacks

Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents. The change is already live for users who have installed this month’s Patch Tuesday security updates on Windows 11 and Windows Server systems. As Redmond explains in a support […]

2 mins read

Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions

OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions. The AI Sidebar Spoofing attack was devised by researchers at browser security company SquareX and works on the latest versions of the two browsers. The researchers created three realistic attack scenarios where a […]

3 mins read

North Korean Lazarus hackers targeted European defense companies

North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. The threat group’s activity was detected in late March and targeted organizations involved in the development of unmanned aerial vehicle (UAV) technology. ‘Operation DreamJob’ is a long-running Lazarus campaign where the adversary, posing as […]

3 mins read