CVE-2025-47577: Critical File Upload Vulnerability Found in Wishlist WordPress Plugin
A severe flaw has been discovered in the TI WooCommerce Wishlist plugin, which is used by more than 100,000 WordPress […]
Web Security
Fake VPN and Browser Installers Drop Winos 4.0 Malware in Stealth Attacks
Researchers from Rapid7 have revealed an ongoing malware campaign that tricks users into installing Winos 4.0, a powerful and stealthy
Warning: Malicious WordPress Plugin Provides Remote Admin Access
WordPress website owners are being targeted by a new malware campaign that disguises itself as a legitimate security plugin. This
New WooCommerce Phishing Attack Installs Malware on WordPress Websites
A new phishing campaign is targeting WooCommerce admins by sending fake security alerts. The emails trick users into downloading a
Scallywag Scam: 1.4 Billion Daily Fake Ads Linked to WordPress Sites
A major online ad fraud operation known as Scallywag has been uncovered, showing how cybercriminals abused WordPress plugins to trick
Google Chrome 136 Update Stops Websites from Tracking Your Browsing History
Google has finally addressed a major privacy flaw in its Chrome browser that allowed websites to track a user’s browsing
CVE-2025-3102: OttoKit WordPress Plugin Exploit Gives Hackers Full Site Control
A serious security vulnerability in the popular OttoKit WordPress plugin (formerly known as SureTriggers) is being actively exploited by hackers
CVE-2025-30406: CentreStack Vulnerability Lets Hackers Remotely Control Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious security vulnerability affecting Gladinet CentreStack,
Severe Apache Parquet Flaw (CVE-2025-30065) Exposes Big Data Systems
A maximum severity remote code execution (RCE) vulnerability has been identified in Apache Parquet, affecting all versions up to and
Malware in WordPress: Hackers Exploit mu-Plugins to Hijack Images and Links
Cybercriminals are exploiting a little-known feature in WordPress known as “mu-plugins” to inject malicious code, enabling persistent access to infected
Mozilla Fixes High-Risk Firefox Vulnerability Similar to Chrome’s Zero-Day
Mozilla has rolled out critical security updates for its Firefox browser on Windows, addressing a severe vulnerability that could allow
Google Patches High-Severity Chrome Vulnerability: CVE-2025-2783
Google has released an urgent security update to fix a high-severity zero-day vulnerability in its Chrome browser. The flaw, tracked
CVE-2025-29927: Next.js Vulnerability Exposes Websites to Authorization Bypass
A vulnerability in Next.js, an open-source React framework, could allow attackers to bypass authorization mechanisms, exposing web applications to security
Persistent Malware ‘DollyWay’ Infects 20,000 WordPress Sites Since 2016
A large-scale malware campaign known as ‘DollyWay’ has been silently compromising WordPress websites since 2016. Over the past eight years,
Critical Apache Tomcat RCE Flaw (CVE-2025-24813) Actively Exploited – Patch Now!
A remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is currently being exploited in the wild. This