Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Ransomware Payments Fall to Record Low as Data-Theft Extortion Dominates
According to Coveware’s latest Q3 2025 ransomware report, the share of organizations that pay after an incident has fallen to ...
LastPass “Emergency Access” Phishing Targets Master Passwords and Passkeys
Users of the LastPass password manager are being hit by a large‑scale phishing wave that began in mid‑October 2025. The ...
WordPress Under Attack: Mass Exploitation of GutenKit and Hunk Companion REST API RCE Flaws
Wordfence has observed a large-scale, automated campaign abusing critical vulnerabilities in the WordPress plugins GutenKit and Hunk Companion. Over a ...
CVE-2025-11705 in Anti‑Malware Security WordPress Plugin Enables Authenticated Arbitrary File Read
A high‑impact vulnerability, CVE-2025-11705, has been identified in the popular WordPress plugin Anti‑Malware Security and Brute‑Force Firewall, enabling authenticated users ...
Mozilla to Require Data Collection Disclosures for Firefox Extensions
Mozilla is introducing mandatory data collection disclosures for Firefox extensions, aiming to strengthen transparency and user control. The new requirements ...
Microsoft patches critical WSUS RCE (CVE-2025-59287) amid active exploitation
Microsoft has released out-of-band security updates to address a critical flaw in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. ...
BlueNoroff’s GhostCall and GhostHire: macOS-focused campaigns hitting crypto and Web3 firms
Kaspersky researchers have identified two coordinated BlueNoroff operations—GhostCall and GhostHire—active since April 2025 and aimed primarily at cryptocurrency and Web3 ...
Memento Labs Confirms Dante Spyware Used in ‘Forum Troll’ Campaign Exploiting Chrome CVE‑2025‑2783
Memento Labs CEO Paolo Lezzi has confirmed that the spyware known as Dante—recently detected by Kaspersky during live operations—is a ...
Brash vulnerability in Blink enables document.title DoS against Chromium browsers
A newly disclosed vulnerability known as Brash abuses how the Blink rendering engine handles document.title updates, enabling a browser denial‑of‑service ...
Mustang Panda Abuses Unpatched Windows LNK Vulnerability (CVE-2025-9491) to Deploy PlugX in Europe
China-linked threat actor UNC6384 (Mustang Panda) has mounted a coordinated cyber-espionage campaign against European diplomatic and government organizations by exploiting ...
