Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
î ‚Oct 09, 2025î „Ravie LakshmananVulnerability / Website Security Threat actors are actively exploiting a critical security flaw impacting the Service Finder…
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed…
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in…
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
î ‚Oct 08, 2025î „Ravie LakshmananMalware / Threat Intelligence Threat actors with suspected ties to China have turned a legitimate open-source monitoring…
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
î ‚Oct 08, 2025î „Ravie LakshmananVulnerability / Software Security Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp…
Step Into the Password Graveyard… If You Dare (and Join the Live Session)
î ‚Oct 08, 2025î „The Hacker NewsPassword Security / Cyber Attacks Every year, weak passwords lead to millions in losses — and…
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware…
BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers
î ‚Oct 07, 2025î „Ravie LakshmananMalware / Threat Intelligence A Vietnamese threat actor named BatShadow has been attributed to a new campaign…
Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them
î ‚Oct 07, 2025î „Ravie LakshmananArtificial Intelligence / Software Security Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called…
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
î ‚Oct 07, 2025î „Ravie LakshmananVulnerability / Cloud Security Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the…