WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion(link is external) Information Security Magazine 1 month ago A severe flaw identified in the Forminator WordPress plugin allows arbitrary file deletion and potential site takeover
Privilege Escalation Flaw Found in Azure Machine Learning Service(link is external) Information Security Magazine 1 month ago A critical Azure Machine Learning flaw allows privilege escalation, risking subscription compromise
CVE Program Launches Two New Forums to Enhance CVE Utilization(link is external) Information Security Magazine 1 month ago The CVE Board has launched a Consumer Working Group and a Researcher Working Group, allowing new stakeholders to shape the future of the CVE Program
Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches(link is external) Information Security Magazine 1 month ago ReliaQuest warns that initial access vulnerability exploitation is driving successful ransomware attacks
North Korean Hackers Target Crypto Firms with Novel macOS Malware (link is external) Information Security Magazine 1 month ago SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence
Linux Users Urged to Patch Critical Sudo CVE(link is external) Information Security Magazine 1 month ago Two elevation of privilege vulnerabilities have been discovered on the popular Sudo utility, affecting 30-50 million endpoints in the US alone
Android SMS Stealer Infects 100,000 Devices in Uzbekistan(link is external) Information Security Magazine 1 month ago New Android malware Qwizzserial has infected 100,000 devices, primarily in Uzbekistan, stealing SMS data via Telegram distribution
AI Models Mislead Users on Login URLs(link is external) Information Security Magazine 1 month ago A third of AI-generated login URLs lead to incorrect or dangerous domains, according to Netcraft
Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign(link is external) Information Security Magazine 1 month ago The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France
US Treasury Sanctions Russian Bulletproof Hosting Service Aeza Group(link is external) Information Security Magazine 1 month ago The Treasury said that Aeza Group has provided infrastructure services for notorious infostealer and ransomware operators
Dozens of Corporates Caught in Kelly Benefits Data Breach(link is external) Information Security Magazine 1 month ago Benefits admin specialist Kelly Benefits has revealed a breach impacting over 500,000 individuals across 45 client organizations
Qantas Reveals “Significant” Contact Center Data Breach(link is external) Information Security Magazine 1 month ago Qantas admits that a “significant” volume of customer data may have been stolen from a contact center
Cloudflare Now Blocks AI Web Scraping by Default(link is external) Information Security Magazine 1 month ago Cloudflare now blocks AI web crawlers by default, requiring permission from site owners for access
Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025(link is external) Information Security Magazine 1 month ago Google has patched a critical type confusion vulnerability in Chrome, the fourth zero-day fix in 2025
New Report Uncovers Major Overlaps in Cybercrime and State-Sponsored Espionage(link is external) Information Security Magazine 1 month ago Proofpoint has identified similarities between the tactics of a pro-Russian cyber espionage group and a cybercriminal gang
International Criminal Court Hit by “Sophisticated and Targeted” Attack(link is external) Information Security Magazine 1 month ago The ICC said the new incident was the second “of its type” it has faced in recent years, relating to an espionage attack in 2023
Crypto Hack Losses in First Half of 2025 Exceed 2024 Total(link is external) Information Security Magazine 1 month ago CertiK found $2.47bn in crypto was stolen in H1 2025, largely due to two major security incidents – ByBit and Cetus
Ransomware Strike on Swiss Health Foundation Exposes Government Data(link is external) Information Security Magazine 1 month ago The threat actor Sarcoma has been held responsible for a ransomware attack on a Swiss health foundation
Scam Centers Expand Global Footprint with Trafficked Victims(link is external) Information Security Magazine 1 month ago Interpol warns that scam centers are expanding beyond Southeast Asia
US DoJ and Microsoft Target North Korean IT Workers(link is external) Information Security Magazine 1 month ago Both the US authorities and Microsoft have taken action to disrupt North Korean IT worker schemes