A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions also extend to its subsidiaries AezaRead More »U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild. The post CISA Warns of Two Exploited TeleMessage Vulnerabilities appeared first on SecurityWeek.
The International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack. The post Cyberattack Targets International Criminal Court appeared first on SecurityWeek.
Australian airline Qantas says personal information stolen from systems hosting the service records of 6 million customers. The post Qantas Data Breach Impacts Up to 6 Million Customers appeared first on SecurityWeek.
Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. “This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functionalRead More »Vercel’s v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale
Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic’s Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4Read More »Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under theRead More »TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns
Research indicated that 16 billion passwords were exposed in what was reportedly the world’s largest data breach to date — however, some experts are questioning these claims.
PowerSchool, a California-based education technology company, recently announced a data breach that occurred between December 19 and December 28, 2024.
