Zeljka Zorz
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)
A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated …
Trojanized KeePass opens doors for ransomware attackers
A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set the stage for ransomware attacks, WithSecure …
Malicious RVTools installer found on official site, researcher warns
The official site for RVTools has apparently been hacked to serve a compromised installer for the popular utility, a security researcher has warned. It’s difficult to …
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known …
Coinbase suffers data breach, gets extorted (but won’t pay)
Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering …
Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to …
Google strengthens secure enterprise access from BYOD Android devices
Google has introduced Device Trust from Android Enterprise, a new solution for making sure that private Android devices used for work are secure enough to access corporate …
Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not …
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s …
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)
Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number …
Law enforcement takes down proxy botnets used by criminals
US and Dutch law enforcement, with the help of Lumen Technologies researchers, have disrupted 5socks and Anyproxy, two proxy-for-rent services that were used by criminals for …
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors
A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, …
Featured news
Resources
Don't miss
- Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools
- iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)
- Unpacking the security complexity of no-code development platforms
- Researchers warn of ongoing Entra ID account takeover campaign
- LockBit panel data leak shows Chinese orgs among the most targeted