Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ...

In the npm ecosystem, postinstall scripts are often overlooked attack vectors—they run automatically after a package is ...

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an ...

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if ...

A vulnerability advisory was issued for the WooCommerce review plugin, citing a stored XSS vulnerability affecting up to ...

The Tea app has had a rough week. It’s not an unfamiliar story: Unsecured Firebase databases were left exposed to the ...

The Madras High Court cited previous Supreme Court, reminding that while publication of a sitting Chief Minister’s photograph may be allowed under certain exceptions, “the use of photographs of ...

One strain in circulation is said to be the “Warlock” ransomware, distributed freely within compromised environments. The pattern of chained exploits, combining the newer CVEs with older ones like CVE ...

Over the past three months, our threat analysts have noticed a significant spike in attackers abusing Microsoft 365’s Direct Send feature—a tool intended for devices like printers or scanners to send ...

The AI Engine WordPress plugin vulnerability, affecting up to 100,000 websites, is the fifth vulnerability discovered this ...

The campaign exploited long-patched VMware vulnerabilities to hijack ESXi hosts, bypass defenses, and persist inside targets.

AttackIQ has released a new emulation that compiles the Tactics, Techniques, and Procedures (TTPs) associated with the ...