Aggregator

A vulnerability was found in WC Affiliate Plugin up to 2.9 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-47660. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Hot Random Image Plugin up to 1.9.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument path leads to path traversal. This vulnerability is known as CVE-2025-4419. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in OrangeHRM 5.7. Affected is the function checkFOrOldHash of the file UserService.php. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-44040. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in vTiger CRM Open Source Edition 8.3.0. This issue affects some unknown processing of the component Module Import Feature. The manipulation leads to code injection. The identification of this vulnerability is CVE-2025-45753. The attack may be initiated remotely. There is no exploit available.

Wiz researchers found an opportunistic threat actor has been targeting vulnerable edge devices, including Ivanti VPNs and Palo Alto firewalls.

Cellcom CEO Brighid Riordan said the company has been dealing with a “cyber incident” but they “simply don’t have a lot of facts.”

A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. [...]

Currently trending CVE - Hype Score: 1 - Windows Remote Desktop Services Remote Code Execution Vulnerability

Currently trending CVE - Hype Score: 21 - This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

Threat actor 'ByteBreaker' claims to sell 1.2B Facebook records scraped via API abuse, but inconsistencies in data size and identity raise doubts.

The company expects it will continue to struggle with online disruptions until at least July, due to the attack.

Western Governments Publish Warning Over Unit 26165 Activities
A slew of Western cybersecurity agencies warned Wednesday that Russian intelligence is targeting logistics and technology companies in a prolonged hacking campaign that includes an emphasis on internet-connected cameras situated along border crossings and military installations.

User Panels and Command and Control Domains Seized
Law enforcement and Microsoft struck a blow against malware used to steal login credentials and financial data, seizing the central command structure and thousands of online domains used to control the Lumma Stealer. Lumma first appeared on Russian-language speaking cybercriminal forums in 2022.

Akamai Researchers Flag 'BadSucessor' in Windows Server 2025
An unpatched flaw in Windows Server 2025 that is "trivial" to exploit and present in the default configuration is full domain compromised, warns new research from Akamai. The flaw is present in a new account type known as delegated managed service accounts, or dMSA.

Are We Maximizing Our Security Investments? Organizations must justify their security spend and ensure the effective use of their budget. With growing reliance on the cloud and increased utilization of Non-Human Identities (NHIs), the question arises: are we truly getting the most out of our security measures? Exploring the Nuances of Non-Human Identities NHIs, a […]

The post Are Your Security Spendings Justified and Effective? appeared first on Entro.

The post Are Your Security Spendings Justified and Effective? appeared first on Security Boulevard.

Why is Security Certainty a Necessity in Today’s Cybersecurity Landscape? Where data breaches are increasing at an alarming rate, maintaining cybersecurity certainty has become a daunting task. But what if you could ensure certainty? Enter Non-Human Identities (NHIs) and Secrets Security Management, a data-protection methodology that not only provides a robust defense against cyberattacks but […]

The post Gaining Certainty in Uncertain Security Landscapes appeared first on Entro.

The post Gaining Certainty in Uncertain Security Landscapes appeared first on Security Boulevard.

Cellcom, a regional wireless carrier based in Wisconsin (US), announced that a cyberattack is the cause of a service outage it faced during the past week. Cellcom, a regional wireless carrier in Wisconsin, confirmed a cyberattack that caused a week-long outage affecting voice and text services in Wisconsin and Upper Michigan. The company announced it […]

Children with parent-controlled Google accounts will automatically be able to access the AI-powered Gemini chatbot unless a parent opts out.

Hanan Elatr Khashoggi has alleged that the spyware vendor played a role in the death of her husband.

The post Appeals court rejects attempt by Khashoggi widow to renew suit against NSO Group appeared first on CyberScoop.

A vulnerability classified as critical was found in Trend Micro Apex Central. This vulnerability affects the function getObjWGFServiceApiByApiName of the component Widget. The manipulation leads to file inclusion. This vulnerability was named CVE-2025-47865. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.