exposes
-
A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909, concerns an unauthenticated Local File Inclusion (LFI) vulnerability that could potentially lead to Remote Code Execution (RCE) attacks on nearly all server environments. The vulnerability has been addressed in the…
-
A critical security vulnerability has been discovered in the popular Age Gate plugin for WordPress, potentially exposing over… The post Critical WordPress Plugin Vulnerability Exposes Over 40,000 Websites to Code Execution Attacks appeared first on Cybersecurity News.
-
SpyX, a company known for developing spyware, has experienced a data breach that compromised the personal information of nearly 2 million users. As per a report posted by Have I Been Pwned, the breach, which occurred on June 24, 2024, exposed a wide array of sensitive data, including email addresses, IP addresses, device information, geographic…
-
A security vulnerability, identified as CVE-2025-24071, has been discovered that allows for the leakage of NTLM hashes when… The post PoC Released: Windows Explorer CVE-2025-24071 Vulnerability Exposes NTLM Hashes appeared first on Cybersecurity News.
-
On Tuesday, onchain investigator ZachXBT raised alarms about the growing prevalence and severity of exploits within the cryptocurrency sector, highlighting the recent Bybit breach as a critical example.
‘This Industry Is Unbelievably Cooked,’ Says Investigator
His latest commentary delivers a scathing assessment of the industry’s approach to security, regulatory compliance, and efforts to combat illicit…
-
A major security flaw has been found in RSA encryption keys used across the internet. Researchers discovered that about one in 172 online certificates are at risk due to a mathematical weakness. The issue mainly affects Internet of Things (IoT) devices but could impact any system using improperly generated RSA keys, arising from poor random…
-
A recent vulnerability discovered in a UK National Health Service (NHS) API has once again highlighted the risks associated with insecure mobile application programming interfaces (APIs). The flaw reportedly allowed unauthorized access to sensitive patient data, raising serious concerns about the security of healthcare applications. The post UK NHS API Flaw Exposes Critical Mobile Security…
-
A critical security vulnerability has been identified in Apache NiFi, a popular open-source data integration tool. The vulnerability, tracked as CVE-2025-27017, allows authorized users with read access to the system to view sensitive credentials used to connect to MongoDB databases. This security flaw affects multiple versions of Apache NiFi, prompting urgent action from users to…
-
U.S. agencies have released a collaborative cybersecurity advisory detailing the tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection strategies linked to the Medusa ransomware. Medusa, a ransomware-as-a-service (RaaS) variant, was first detected in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from across critical infrastructure…
-
A recently patched vulnerability in the popular Apache Camel Java library is under scrutiny by security researchers, with… The post Apache Camel Vulnerability (CVE-2025-27636) Exposes Applications to RCE, PoC Releases appeared first on Cybersecurity News.
-
A severe vulnerability has been discovered in the popular WordPress plugin “HUSKY – WooCommerce Products Filter Professional,” formerly… The post Critical Flaw Exposes 100,000+ WooCommerce Sites: Unauthenticated File Inclusion Threatens Total Takeover appeared first on Cybersecurity News.
-
A Texas pharmacist, Dehshid “David” Nourian, 62, of Plano, has been sentenced to 17 years and six months… The post $405 Million Forfeited: Texas Pharmacist’s Fraudulent Compound Cream Scheme Exposes Vulnerabilities in Healthcare Systems appeared first on Cybersecurity News.
-
A newly disclosed security vulnerability, CVE-2025-24043, affecting Microsoft’s WinDbg debugger, poses a severe remote code execution (RCE) threat… The post WinDbg Remote Code Execution Vulnerability: CVE-2025-24043 Exposes Critical Security Risk appeared first on Cybersecurity News.
-
OpenText Identity Manager, a comprehensive identity management suite used by organizations to manage user identities and access, has… The post CVE-2024-12799 (CVSS 10): OpenText Identity Manager Vulnerability Exposes Sensitive Information appeared first on Cybersecurity News.
-
A series of critical vulnerabilities in DrayTek Vigor routers widely deployed in small office/home office (SOHO) environments have been uncovered, exposing devices to remote code execution (RCE), denial-of-service (DoS) attacks, and credential theft. The flaws discovered during firmware reverse-engineering efforts highlight systemic security weaknesses in routers that act as gateways between local networks and the…
-
A severe security vulnerability has been discovered in GiveWP, the popular WordPress donation plugin, putting over 100,000 websites… The post CVE-2025-0912: Critical Flaw Exposes Over 100,000 WordPress Donation Sites to RCE appeared first on Cybersecurity News.
-
Microsoft has amended recent civil litigation to name key developers of malicious tools designed to bypass AI safeguards, including those in Azure OpenAI Service. The legal action targets four individuals—Arian Yadegarnia (Iran), Alan Krysiak (UK), Ricky Yuen (Hong Kong), and Phát Phùng Tấn (Vietnam)—who are part of a global cybercrime group, Storm-2139. These actors exploited…
-
A vulnerability in Cocospy and Spyic is exposing the personal data of millions of individuals.
-
A leak suggests that Chinese cybersecurity firm TopSec offers censorship-as-a-service services; it provided bespoke monitoring services to a state-owned enterprise facing a corruption scandal. SentinelLABS researchers analyzed a data leak that suggests that the Chinese cybersecurity firm TopSec offers censorship-as-a-service services. The origin of the data leak is unclear; the leak is large and inconsistently…