15 Jul, 2026

Hackers exploit Modular DS WordPress plugin flaw for admin access

Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level privileges. The flaw, tracked as CVE-2026-23550, affects versions 2.5.1 and older of Modular DS, a management plugin that allows managing multiple WordPress sites from a single interface. The plugin lets […]

2 mins read

Critical WhisperPair flaw lets hackers track, eavesdrop via Bluetooth audio devices

Security researchers have discovered a critical vulnerability in Google’s Fast Pair protocol that can allow attackers to hijack Bluetooth audio accessories, track users, and eavesdrop on their conversations. The flaw (tracked as CVE-2025-36911 and dubbed WhisperPair) affects hundreds of millions of wireless headphones, earbuds, and speakers from multiple manufacturers that support Google’s Fast Pair feature. It affects users regardless […]

3 mins read

FTC bans GM from selling drivers’ location data for five years

The U.S. Federal Trade Commission has finalized an order with General Motors (GM) and its subsidiary, OnStar, settling charges that they collected and sold the location and driving data of millions of drivers without consent. General Motors owns the GMC, Cadillac, Chevrolet, and Buick brands and produces over 6.1 million vehicles each year. OnStar, GM’s subsidiary, […]

2 mins read

Palo Alto Networks warns of DoS bug letting hackers disable firewalls

Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. Tracked as CVE-2026-0227, this security flaw affects next-generation firewalls (running PAN-OS 10.1 or later) and Palo Alto Networks’ Prisma Access configurations when the GlobalProtect gateway or portal is enabled. The cybersecurity company says that most […]

3 mins read

Microsoft disrupts massive RedVDS cybercrime virtual desktop service

Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. Microsoft filed civil lawsuits in the United States and the United Kingdom, seizing malicious infrastructure and taking RedVDS’s marketplace and customer portal offline as part of […]

3 mins read

South Korean giant Kyowon confirms data theft in ransomware attack

The Kyowon Group (Kyowon), a South Korean conglomerate, disclosed that a cyberattack has disrupted its operations and customer information may have been exposed in the incident. The company published a statement earlier this week saying that it recently learned that its systems had been targeted in a suspected ransomware attack. In a subsequent update today, Kyowon […]

2 mins read

France fines Free Mobile €42 million over 2024 data breach incident

The French data protection authority (CNIL) has imposed cumulative fines of €42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. The company is the second-largest internet service provider in France and suffered a data breach in October 2024, exposing information of nearly 23 million mobile and […]

2 mins read

Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet’s Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions […]

2 mins read

Verizon Wireless outage puts phones in SOS mode without cell service

Verizon Wireless is suffering a massive outage in the US, with customers reporting their phones stuck in SOS mode with no cellular service. “We are aware of an issue impacting wireless voice and data services for some customers. Our engineers are engaged and are working to identify and solve the issue quickly. We understand how […]

2 mins read

Microsoft updates Windows DLL that triggered security alerts

Microsoft has resolved a known issue that was causing security applications to flag a core Windows component, the company said in a service alert posted this week. The list of affected systems is quite extensive and includes both client (Windows 10 and Windows 11) and server (Windows Server 2012 through Windows Server 2025) platforms. According […]

2 mins read