Aggregator

UK NCSC's Richard Horne on Strengthening Cyber Defense and Incident Response
Cyber risk is rising as digital dependence grows and threat actors expand. NCSC CEO Richard Horne outlines why leaders must treat cybersecurity as mission-critical, strengthen their resilience, and align defense efforts to counter ransomware, AI-driven threats, and supply chain attacks.

TriMed Is Among Several Other Medical Device Firms Recently Attacked
A California maker of implantable orthopedic gear is the latest medical device maker in recent weeks to disclose it's been a victim of a cybersecurity incident. The disclosure of the hack on TriMed comes on the heels of an Iranian hacktivist attack on Stryker and a data theft from UFP Technologies.

Founder and CEO Eric Foster Wants to Reduce Dwell Time and Scale Engineering Teams
Tenex plans to use its $250 million Series B funding to expand its AI-driven SOC platform and hire hundreds of engineers. The company aims to improve alert coverage, automate response and reduce attacker dwell time while maintaining human oversight for complex threats.

Analysts Warn Compliance Goals May Outpace Real Security Outcomes
The Pentagon's zero trust overhaul aims to unify cyber defenses, but with a small percentage of target activities reportedly complete, persistent gaps in identity, data and governance are raising doubts about whether the 2027 deadline will deliver real security gains.

Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. [...]

The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. [...]

Anthropic accidentally exposed Claude Code source via npm, causing the code to quickly spread online after discovery. Anthropic accidentally leaked the source code of its Claude Code tool after a large debug file was included in a public npm release. The file exposed over 500,000 lines of code, which were quickly discovered, shared, and analyzed […]

Technology Talk: That forgotten notebook holds plenty of secrets to enterprise access.

A vulnerability was found in MariaDB Server up to 11.4.9/11.8.5/12.2.1. It has been classified as critical. This impacts the function JSON_SCHEMA_VALID. Performing a manipulation results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2026-32710. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in jwsthemes StreamVid Plugin up to 6.8.6 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is listed as CVE-2026-25379. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability described as critical has been identified in jwsthemes LoveDate Plugin up to 3.8.6 on WordPress. This vulnerability affects unknown code. Such manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is documented as CVE-2026-25381. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, was found in jwsthemes Feedy Plugin up to 2.1.5 on WordPress. The impacted element is an unknown function. The manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is known as CVE-2026-25380. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in eyecix Addon Jobsearch Chat Plugin up to 3.0 on WordPress. This affects an unknown function. The manipulation leads to sql injection. This vulnerability is listed as CVE-2026-25377. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as critical has been found in jwsthemes IdealAuto Plugin up to 3.8.6 on WordPress. Impacted is an unknown function. Executing a manipulation can lead to improper control of filename for include/require statement in php program ('php remote file inclusion'). The identification of this vulnerability is CVE-2026-25382. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in CoderPress Commerce Coinbase for WooCommerce Plugin up to 1.6.6 on WordPress. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is registered as CVE-2026-25396. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in Snowray File Uploader for WooCommerce Plugin up to 1.0.4 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal: '.../...//'. This vulnerability is documented as CVE-2026-25397. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Webilia Vertex Addons for Elementor Plugin up to 1.6.4 on WordPress. It has been declared as critical. This issue affects some unknown processing. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-25398. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Saad Iqbal New User Approve Plugin up to 3.2.3 on WordPress. Affected by this issue is some unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is tracked as CVE-2026-25390. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in thememount Apicona Plugin up to 24.1.0 on WordPress. Affected by this issue is some unknown functionality. Such manipulation leads to deserialization. This vulnerability is traded as CVE-2026-25400. The attack may be launched remotely. There is no exploit available.