Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Post SMTP CVE-2025-11833 is under active attack: update WordPress sites to 3.6.1+
Attackers are actively targeting WordPress sites via a critical vulnerability, CVE-2025-11833, in the widely used Post SMTP plugin (over 400,000 ...
Proofpoint: RMM-enabled phishing campaigns hijack logistics systems to reroute cargo
Threat researchers at Proofpoint are tracking a wave of targeted phishing operations against transportation and logistics providers that convert cyber ...
Malicious VS Code Extension “susvsex” Combines Data Exfiltration and AES‑256‑CBC Encryption, Exposing Supply Chain Risk
Researchers at Secure Annex have identified a malicious Visual Studio Code Marketplace extension posing as a benign developer tool yet ...
Android NFC Malware Targets Contactless Payments: HCE Abuse and APDU Tunneling Drive Fraud
Researchers at Zimperium report a sharp rise in Android malware aimed at contactless payments across Eastern Europe. More than 760 ...
PhantomRaven: npm malware campaign exploits Remote Dynamic Dependencies to evade detection
Security researchers at Koi Security report a protracted npm supply chain operation dubbed PhantomRaven that has uploaded 126 malicious packages ...
CSRF + Persistent Memory Flaw Exposes ChatGPT Atlas to Stealthy Prompt Injection
Security researchers at LayerX have identified a vulnerability in OpenAI’s new ChatGPT Atlas browser that combines Cross-Site Request Forgery (CSRF) ...
Ransomware Payments Fall to Record Low as Data-Theft Extortion Dominates
According to Coveware’s latest Q3 2025 ransomware report, the share of organizations that pay after an incident has fallen to ...
LastPass “Emergency Access” Phishing Targets Master Passwords and Passkeys
Users of the LastPass password manager are being hit by a large‑scale phishing wave that began in mid‑October 2025. The ...
WordPress Under Attack: Mass Exploitation of GutenKit and Hunk Companion REST API RCE Flaws
Wordfence has observed a large-scale, automated campaign abusing critical vulnerabilities in the WordPress plugins GutenKit and Hunk Companion. Over a ...
CVE-2025-11705 in Anti‑Malware Security WordPress Plugin Enables Authenticated Arbitrary File Read
A high‑impact vulnerability, CVE-2025-11705, has been identified in the popular WordPress plugin Anti‑Malware Security and Brute‑Force Firewall, enabling authenticated users ...
