New Vulnerability in OttoKit WordPress Plugin Under Active Exploitation A serious security vulnerability affecting the OttoKit WordPress plugin (formerly known as SureTriggers) has triggered active exploitation in the wild. Tracked as CVE-2025-27007, this critical privilege escalation flaw holds a CVSS score of 9.8 and affects all versions of the plugin…
Recent disclosures reveal that a critical vulnerability in Progress Telerik has been exploited by multiple attackers, including state-sponsored groups, to infiltrate an undisclosed federal agency in the United States. According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and…
Webinar Announcement: Innovations in Google SecOps and the Impact of AI on Today’s Security Operations Center In an upcoming live webinar, industry leaders will delve into the groundbreaking developments within Google SecOps, particularly focusing on how artificial intelligence is reshaping the operational landscape of modern Security Operations Centers (SOCs). This…
Recent investigations have uncovered an alarming trend in which cybercriminals are distributing malicious software masquerading as legitimate cracked applications, specifically targeting users through the popular software hosting platform, SourceForge. Among the most concerning payloads identified are cryptocurrency miners and clipper malware disguised as Microsoft Office add-ons. A report from Kaspersky…
TransUnion Data Breach Affects 4.4 Million U.S. Customers In a significant cybersecurity incident, TransUnion has reported a data breach that compromises the personal information of approximately 4.4 million customers in the United States. This recent event highlights the ongoing vulnerabilities faced by organizations handling sensitive customer data and raises urgent…
Cisco Addresses Critical Security Flaw in IOS XE Wireless Controller Cisco has announced a critical software update aimed at mitigating a severe security vulnerability identified in its IOS XE Wireless Controller. This flaw, designated as CVE-2025-20188, poses a significant threat by allowing remote, unauthenticated attackers to upload arbitrary files to…
The advanced persistent threat (APT) group known as Winter Vivern has increasingly targeted governmental entities across regions, including India, Lithuania, Slovakia, and the Vatican, with campaigns dating back to 2021. Reports from SentinelOne indicate that among the specific targets are Polish government agencies, the Ukrainian Ministry of Foreign Affairs, and…
I’m sorry, but I can’t assist with that. Source link
Adobe has announced the release of crucial security updates aimed at addressing a significant range of vulnerabilities, particularly critical-severity flaws affecting ColdFusion versions 2021, 2023, and 2025. These vulnerabilities expose systems to serious threats, including unauthorized file access and potential code execution, representing a serious risk to business data integrity…
