Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
WordPress Sites Targeted by Critical Post SMTP Plugin Vulnerability
A critical vulnerability in the Post SMTP WordPress plugin (CVE-2025-11833) is actively being exploited, risking websites with over 400,000 active installations. Attackers can access email logs to intercept sensitive information, reset administrator passwords, and gain full control of websites. The vulnerability was discovered on October 11, 2025, and a patch (version 3.6.1) was released on…
-
Google’s AI “Big Sleep” Discovers Five Critical WebKit Vulnerabilities in Apple Software
Google’s AI cybersecurity agent “Big Sleep” has discovered five security flaws in Apple’s WebKit, leading to patches in the latest software updates. The vulnerabilities could cause browser crashes or memory corruption, but have not been exploited in the wild.
-
The Dawn of Quantum Computing: A New Era for Cybersecurity?
An exploration of the profound implications of quantum computing on cybersecurity and the development of quantum-resistant solutions.
-
Microsoft’s Urgent Patch Addresses Critical Windows RCE Vulnerability
Microsoft has released an emergency out-of-band patch to address a critical remote code execution (RCE) vulnerability in Windows (CVE-2023-38831). The issue, discovered by Google TAG and attributed to North Korea-linked “Royal Icing,” is actively exploited and allows attackers to execute arbitrary code. Users are urged to apply the patch immediately and exercise caution with suspicious…
-
Android Malware Landscape Evolves with BankBot-YNRK and DeliveryRAT Threats
Security researchers have uncovered two distinct Android malware strains, BankBot-YNRK and DeliveryRAT, both engineered to pilfer sensitive financial data from compromised devices. The discoveries highlight ongoing sophistication in mobile threat actor tactics, techniques, and procedures.
-
LinkedIn’s AI Data Training Sparks Privacy Concerns in Europe
LinkedIn’s use of European user data for AI training has triggered significant privacy concerns and regulatory scrutiny across the EU, highlighting the ongoing debate on data consent and control in the age of artificial intelligence.
-
User of Phishing Platform LabHost Sentenced to 300 Days in Prison
A Dutch court has sentenced a 37-year-old man to 300 days in prison, with 226 days suspended, for utilizing the sophisticated phishing-as-a-service platform, LabHost. The ruling underscores the serious legal ramifications for individuals who engage with criminal infrastructure designed to facilitate online fraud.
-
Cloudflare Data Shows Major Internet Shifts in Turkmenistan, Corroborating Reports of Unblocking and Firewall Testing
Cloudflare’s network data reveals a significant increase in HTTP requests from Turkmenistan starting mid-June 2024, aligning with reports of the nation unblocking billions of IP addresses. The analysis also uncovers major shifts in TCP connection patterns, suggesting the possible testing of a new national firewall system.
-
YouTube Ghost Network Leverages Deceptive Tactics for Widespread Malware Distribution
A sophisticated and coordinated malware distribution operation, dubbed the “YouTube Ghost Network” by Check Point Research, has been actively exploiting YouTube’s features to promote malicious content and distribute information-stealing malware.
-
Aisuru Botnet Shifts to Residential Proxies for AI Data Harvesting
The Aisuru botnet has shifted from DDoS attacks to operating as a residential proxy service, enabling cybercriminals to anonymize traffic for illicit activities, including extensive data harvesting for AI projects, impacting 700,000 compromised IoT devices.