A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a… Read More »WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS… Read More »Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate… Read More »Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a “Prince” in a distant country? Those days are over. Today, a 16-year-old with zero… Read More »Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his… Read More »Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as… Read More »Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the… Read More »Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
India’s Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user’s… Read More »India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension… Read More »Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and… Read More »GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools