Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS Security’s 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK)Read More »Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user roleRead More »WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via WhatsApp a worm that deploys a banking trojan in attacks targeting users in Brazil. The latest wave is characterizedRead More »Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
The startup will invest the funds in accelerating development of its second-generation fully homomorphic encryption (FHE) platforms. The post Niobium Raises $23 Million for FHE Hardware Acceleration appeared first on SecurityWeek.
A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.
Arizona is the latest state to sue Temu and its parent company PDD Holdings over allegations that the Chinese online retailer is stealing customers’ data. The post Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims appeared first on SecurityWeek.
Veza Security was recently valued at more than $800 million after raising $108 million in Series D funding. The post ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal appeared first on SecurityWeek.
The University of Pennsylvania and the University of Phoenix confirm that they are victims of the recent Oracle EBS hacking campaign. The post Penn and Phoenix Universities Disclose Data Breach After Oracle Hack appeared first on SecurityWeek.
AWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event. The post re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities appeared first on SecurityWeek.
Windows now displays in the properties tab of LNK files critical information that could reveal malicious code. The post Microsoft Silently Mitigated Exploited LNK Vulnerability appeared first on SecurityWeek.
