More results...
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated malware campaigns where attackers disguise their plugins to blend seamlessl…
A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway. This flaw, rated as important, could allow attackers to gain unauthorized access across…
Instagram has begun rotating its TLS certificates on a daily basis, with each certificate valid for just over a week. This approach, which goes far beyond current industry standards, was discovered during routine network debugging and has since been co…
Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially motivated cybercriminal group since at least May 2022. Initially known for targeting telecommunications and tech fir…
A critical vulnerability, tracked as CVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and <15.1.8, allowed attackers to exploit a cache poisoning bug, p…
Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads. Originally designed to simplify software deployment on …
A security researcher has uncovered a significant vulnerability affecting Lenovo computers: a writable file within the Windows directory that can be exploited to bypass AppLocker restrictions. The file in question, C:\Windows\MFGSTAT.zip, is present on…
Security researchers have discovered novel ways to identify and take advantage of Microsoft Azure Arc in business settings, which is a major advancement in cybersecurity and may reveal weaknesses in this hybrid management system. Introduced in 2019, Az…
A newly disclosed vulnerability, tracked as CVE-2025-34067, has been identified in HIKVISION’s widely deployed security management platform, applyCT (also known as HikCentral). This critical flaw allows unauthenticated remote code execution (RCE)…
A sophisticated cyberattack targeting unsecured Java Debug Wire Protocol (JDWP) interfaces on honeypot servers running TeamCity, a popular CI/CD application, has been discovered, according to a startling disclosure from the Wiz Research Team. The team …