In March 2025, Kaspersky Lab recorded a surge of infections triggered when users followed personalized phishing links sent via email. No additional interaction was required to activate the attack—merely opening the malicious site in...
Government-backed hackers infiltrated a U.S. nuclear weapons component manufacturer by exploiting vulnerabilities in Microsoft SharePoint. The incident affected the Kansas City National Security Campus (KCNSC), part of the National Nuclear Security Administration (NNSA) under...
In mid-summer 2025, the ToolShell vulnerability (CVE-2025-53770) became the catalyst for a major wave of compromises. Attackers exploited the flaw on SharePoint servers shortly after Microsoft released its patch, gaining unauthenticated access to files...
A widespread exploitation campaign has descended upon WordPress sites: attackers are targeting installations that use the GutenKit and Hunk Companion plugins, which harbor critical flaws permitting arbitrary code execution on vulnerable servers. Wordfence, a...
Researchers at SquareX have published a comprehensive report on a newly discovered vulnerability known as AI Sidebar Spoofing—a novel class of attacks that leverages malicious browser extensions disguised as AI sidebar interfaces. This technique...
Hackers have begun actively exploiting a newly disclosed vulnerability in the Windows Server Update Services (WSUS) component. The flaw, tracked as CVE-2025-59287, already has a publicly available proof-of-concept (PoC) exploit, dramatically increasing the likelihood...
Researchers from Team Z3 have withdrawn their planned demonstration of a WhatsApp vulnerability at the Pwn2Own Ireland 2025 hacking competition — an exploit that could have earned them a record $1 million prize. According...
On the second day of Pwn2Own Ireland 2025, participants delivered an impressive display of skill, uncovering 56 new zero-day vulnerabilities and earning a combined total of $792,750 in rewards. This marks the second phase...
The developers of BIND, the world’s most widely used domain name resolution software, have issued a warning about two critical vulnerabilities that allow attackers to tamper with DNS query results and redirect users to...
Hackers have begun actively exploiting a critical vulnerability in Adobe Commerce and Magento Open Source platforms, despite the issue having been officially patched last month. Over the past 24 hours, more than 250 attack...
A novel vulnerability was discovered in Microsoft 365 Copilot that permitted covert exfiltration of user data via an innocuous-looking Mermaid flowchart. The flaw lay in Copilot’s handling of a specially crafted document: the assistant...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered flaw in the Windows SMB component to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-33073, stems from an...
