CVE-2025-6463: Critical Forminator Plugin Flaw Puts 600,000 WordPress Sites at Risk
A serious vulnerability in the popular Forminator plugin for WordPress has exposed over 600,000 websites to the risk of complete […]
Web Security
CVE-2025-6554: Google Patches Actively Exploited Chrome Zero-Day
Google has released a critical security update to patch a zero-day vulnerability in its Chrome browser, tracked as CVE-2025-6554. This
Hackers Breach 70+ Microsoft Exchange Servers: Outlook Login Pages Infected
Hackers are exploiting vulnerable Microsoft Exchange servers with stealthy keyloggers to steal login credentials, compromising over 70 systems in at
DevOps Alert: Grafana Exploit Exposes Over 46,000 Servers to Account Takeover
A newly discovered vulnerability in Grafana, the popular open-source analytics and monitoring tool, is putting thousands of organizations at serious
CVE-2025-5419: Critical Zero-Day Chrome Flaw Under Active Attack
Google has released an emergency security update for its Chrome browser to fix a high-risk zero-day vulnerability that is already
CVE-2025-47577: Critical File Upload Vulnerability Found in Wishlist WordPress Plugin
A severe flaw has been discovered in the TI WooCommerce Wishlist plugin, which is used by more than 100,000 WordPress
Fake VPN and Browser Installers Drop Winos 4.0 Malware in Stealth Attacks
Researchers from Rapid7 have revealed an ongoing malware campaign that tricks users into installing Winos 4.0, a powerful and stealthy
Warning: Malicious WordPress Plugin Provides Remote Admin Access
WordPress website owners are being targeted by a new malware campaign that disguises itself as a legitimate security plugin. This
New WooCommerce Phishing Attack Installs Malware on WordPress Websites
A new phishing campaign is targeting WooCommerce admins by sending fake security alerts. The emails trick users into downloading a
Scallywag Scam: 1.4 Billion Daily Fake Ads Linked to WordPress Sites
A major online ad fraud operation known as Scallywag has been uncovered, showing how cybercriminals abused WordPress plugins to trick
Google Chrome 136 Update Stops Websites from Tracking Your Browsing History
Google has finally addressed a major privacy flaw in its Chrome browser that allowed websites to track a user’s browsing
CVE-2025-3102: OttoKit WordPress Plugin Exploit Gives Hackers Full Site Control
A serious security vulnerability in the popular OttoKit WordPress plugin (formerly known as SureTriggers) is being actively exploited by hackers
CVE-2025-30406: CentreStack Vulnerability Lets Hackers Remotely Control Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious security vulnerability affecting Gladinet CentreStack,
Severe Apache Parquet Flaw (CVE-2025-30065) Exposes Big Data Systems
A maximum severity remote code execution (RCE) vulnerability has been identified in Apache Parquet, affecting all versions up to and
Malware in WordPress: Hackers Exploit mu-Plugins to Hijack Images and Links
Cybercriminals are exploiting a little-known feature in WordPress known as “mu-plugins” to inject malicious code, enabling persistent access to infected