Cybersecurity News
Stay up-to-date with the latest cybersecurity news and developments in the cybersecurity landscape. Be the first to know about the latest threats, current innovations, and major trends in the cyber universe. Check our Cyber News section for the freshest information.
WordPress Under Attack: Mass Exploitation of GutenKit and Hunk Companion REST API RCE Flaws
Wordfence has observed a large-scale, automated campaign abusing critical vulnerabilities in the WordPress plugins GutenKit and Hunk Companion. Over a ...
CVE-2025-11705 in Anti‑Malware Security WordPress Plugin Enables Authenticated Arbitrary File Read
A high‑impact vulnerability, CVE-2025-11705, has been identified in the popular WordPress plugin Anti‑Malware Security and Brute‑Force Firewall, enabling authenticated users ...
Mozilla to Require Data Collection Disclosures for Firefox Extensions
Mozilla is introducing mandatory data collection disclosures for Firefox extensions, aiming to strengthen transparency and user control. The new requirements ...
Microsoft patches critical WSUS RCE (CVE-2025-59287) amid active exploitation
Microsoft has released out-of-band security updates to address a critical flaw in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. ...
BlueNoroff’s GhostCall and GhostHire: macOS-focused campaigns hitting crypto and Web3 firms
Kaspersky researchers have identified two coordinated BlueNoroff operations—GhostCall and GhostHire—active since April 2025 and aimed primarily at cryptocurrency and Web3 ...
Memento Labs Confirms Dante Spyware Used in ‘Forum Troll’ Campaign Exploiting Chrome CVE‑2025‑2783
Memento Labs CEO Paolo Lezzi has confirmed that the spyware known as Dante—recently detected by Kaspersky during live operations—is a ...
Brash vulnerability in Blink enables document.title DoS against Chromium browsers
A newly disclosed vulnerability known as Brash abuses how the Blink rendering engine handles document.title updates, enabling a browser denial‑of‑service ...
Mustang Panda Abuses Unpatched Windows LNK Vulnerability (CVE-2025-9491) to Deploy PlugX in Europe
China-linked threat actor UNC6384 (Mustang Panda) has mounted a coordinated cyber-espionage campaign against European diplomatic and government organizations by exploiting ...
TEE.Fail: DDR5 Memory-Bus Attack Undermines Attestation in Intel SGX/TDX and AMD SEV‑SNP
Researchers from the Georgia Institute of Technology and Purdue University have disclosed TEE.Fail, a practical attack on trusted execution environments ...
Ribbon Communications reports suspected state-sponsored intrusion, highlighting telecom supply‑chain risk
Ribbon Communications has disclosed unauthorized access to its IT environment, attributing the activity to a likely state-aligned threat actor. The ...
