Hackers exploit file upload bug in Breeze Cache WordPress plugin

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Trigona ransomware attacks use custom exfiltration tool to steal data

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised ...

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

Cosmetics giant Rituals discloses data breach affecting customers

Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number ...

Regular Password Resets Aren’t as Safe as You Think

Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk ...

Microsoft: Some Teams users can’t join meetings after Edge update

Microsoft confirmed that a recent Microsoft Edge browser update introduced a bug that prevents Windows users from joining ...

UK warns of Chinese hackers using proxy networks to evade detection

The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are ...

New GopherWhisper APT group abuses Outlook, Slack, Discord for comms

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate ...

CISA orders feds to patch BlueHammer flaw exploited as zero-day

CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has ...

Apple fixes bug that let the FBI recover deleted Signal messages

Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device.

New Mirai campaign exploits RCE flaw in EoL D-Link routers

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...