Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Hackers launch mass attacks exploiting outdated WordPress plugins
A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). WordPress security firm Wordfence says that it blocked 8.7 million attack attempts against its customers in just two days, October 8 and 9. The campaign expoits three […]
Critical WSUS flaw in Windows Server now exploited in attacks
Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. Tracked as CVE-2025-59287, this remote code execution (RCE) flaw affects only Windows servers with the WSUS Server role enabled to act as an update source for other WSUS servers within the organization (a feature that isn’t […]
Fake LastPass death claims used to breach password vaults
LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. The activity started in mid-October, and the domains and infrastructure used point to a financially motivated threat group called CryptoChameleon (UNC5356). CryptoChamemelon employs a phishing kit specializing in cryptocurrency theft, targeting multiple wallets […]
Windows Server emergency patches fix WSUS bug with PoC exploit
Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. WSUS is a Microsoft product that enables IT administrators to manage and deliver Windows updates to computers within their network. Tracked as CVE-2025-59287, this remote code execution (RCE) security flaw affects only Windows […]
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. At Pwn2Own Ireland 2025, competitors targeted products in eight categories, including printers, network storage systems, messaging apps, smart home devices, surveillance equipment, home networking equipment, flagship smartphones (Apple iPhone 16, Samsung Galaxy S25, and Google Pixel 9), and wearable […]
Toys “R” Us Canada warns customers’ info leaked in data breach
Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems. The company discovered the data leak on July 30, 2025, when a threat actor posted on the dark web what they claimed to […]
CISA warns of Lanscope Endpoint Manager flaw exploited in attacks
The Cybersecurity & Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in the Motex Landscope Endpoint Manager. The flaw is tracked as CVE-2025-61932 and has a critical severity score of 9.3. It stems from improper verification of the origin of incoming requests, and could be exploited by an unauthenticated attacker to execute […]
Microsoft disables File Explorer preview for downloads to block attacks
Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents. The change is already live for users who have installed this month’s Patch Tuesday security updates on Windows 11 and Windows Server systems. As Redmond explains in a support […]
Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions
OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions. The AI Sidebar Spoofing attack was devised by researchers at browser security company SquareX and works on the latest versions of the two browsers. The researchers created three realistic attack scenarios where a […]
North Korean Lazarus hackers targeted European defense companies
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. The threat group’s activity was detected in late March and targeted organizations involved in the development of unmanned aerial vehicle (UAV) technology. ‘Operation DreamJob’ is a long-running Lazarus campaign where the adversary, posing as […]