Aggregator

A vulnerability was found in Player Leaderboard Plugin up to 1.0.0/1.0.2 on WordPress. It has been rated as critical. Affected is the function player_leaderboard of the component Shortcode Handler. Performing manipulation of the argument mode results in file inclusion. This vulnerability is known as CVE-2025-12824. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in WPMasterToolKit Plugin up to 2.13.0 on WordPress. It has been declared as critical. This impacts an unknown function of the component Code Snippets Feature. Such manipulation leads to code injection. This vulnerability is traded as CVE-2025-14166. The attack may be launched remotely. There is no exploit available.

Joe Francescon, announced in August as the NSA's new deputy director, will not be filling the role, sources told Recorded Future News, and the Trump administration has another pick in mind.

A vulnerability was found in ConnectWise ScreenConnect up to 25.7. It has been classified as problematic. This affects an unknown function of the component Extension Subsystem. This manipulation causes download of code without integrity check. This vulnerability appears as CVE-2025-14265. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Netiket ApplyLogic up to 01.12.2025 and classified as critical. The impacted element is an unknown function. The manipulation results in authorization bypass. This vulnerability is reported as CVE-2025-13124. The attack can be launched remotely. No exploit exists.

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. [...]

A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute a symlink bypass, leading to Remote Code Execution (RCE). As of this writing, no patch is available, and researchers estimate that over 50% of public-facing Gogs […]

The post Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances appeared first on Cyber Security News.

AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. [...]

Пять событий за год — это успех. Как работает терпение (и детекторы) в современной науке.

The Information Commissioner’s Office said LastPass had “failed to implement sufficiently robust technical and security measures” to protect its data.

Nederland heeft vanaf nu de NAVO-luchtverdediging rond een logistiek knooppunt in Polen in handen. Gisteren is de taak tijdens een officiële overdracht van de Duitse naar de Nederlandse Air and Missile Defense Taskforce (AMDTF) gegaan.

Road Town, British Virgin Islands, December 11th, 2025, CyberNewsWire 1inch, the leading DeFi ecosystem, has been selected as the exclusive swap provider at launch for Ledger Multisig, deepening the collaboration between the two projects. By integrating the 1inch Swap API into its security-first multisig architecture, Ledger, the world leader in digital asset security for consumers […]

The post 1inch Named Exclusive Swap Provider at Launch for Ledger Multisig appeared first on Cyber Security News.

A dangerous new malware called DroidLock is targeting Android users, particularly in Spanish-speaking regions, through phishing websites. This threat combines ransomware tactics with remote-control capabilities, posing a severe risk to users of personal and corporate devices. Once installed, DroidLock transforms a smartphone into a hostile endpoint that attackers can manipulate at will, making it a […]

The post New DroidLock Malware Locks Android Devices and Demands a Ransom appeared first on Cyber Security News.

2024年9月，黎巴嫩发生了一起震惊世界的寻呼机爆炸事件。当时，真主党成员使用的数千台寻呼机几乎同时引爆。

Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.