Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.
Coveware has attributed the drop to large enterprises increasingly refusing to pay up and smaller amounts paid by mid-market firms. The post Ransomware Payments Dropped in Q3 2025: Analysis appeared first on SecurityWeek.
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks. The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek.
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes asRead More »Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. “The omnibox (combined address/search bar) interprets input either as a URL to navigate to,Read More »ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands
In March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough. The malicious links were personalizedRead More »Mem3nt0 mori – The Hacking Team is back!
Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines.
WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution. The post $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal appeared first on SecurityWeek.
Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox. The post OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek.
There is a new cigar named “El Pulpo The Squid.” Yes, that means “The Octopus The Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
