-
A critical security vulnerability in the AI Engine WordPress plugin has put more than 100,000 active installations at risk of privilege escalation attacks. The flaw, tracked as CVE-2025-11749 with a CVSS score of 9.8, allows unauthenticated attackers to extract bearer tokens and gain complete administrative control over vulnerable WordPress sites. Security researcher Emiliano Versini discovered […] The post AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Curly COMrades Hacker Group Using New Tools to Create Hidden Remote Access on Compromised Windows 10
A sophisticated threat actor known as Curly COMrades has deployed an innovative attack methodology that leverages legitimate Windows virtualization features to establish covert, long-term access to victim networks. The campaign, which began in early July 2025, represents a significant evolution in adversary tactics as threat actors increasingly seek methods to bypass endpoint detection and response […] The post Curly COMrades Hacker Group Using New Tools to Create Hidden Remote Access on Compromised Windows 10 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Clop ransomware group continues to pose a significant threat to enterprise organizations worldwide, with recent analysis revealing their exploitation of a critical zero-day vulnerability in Oracle E-Business Suite. Operating since early 2019, Clop …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious FIN7 threat group, also known by the nickname Savage Ladybug, continues to pose a significant risk to enterprise environments through an increasingly refined Windows SSH backdoor campaign. The group has been actively deploying this sophisticated backdoor mechanism to establish persistent remote access and facilitate data exfiltration operations. First documented in 2022, the malware […] The post FIN7 Hackers Using Windows SSH Backdoor to Establish Stealthy Remote Access and Persistence appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has issued an urgent advisory for Windows users, confirming that a recent set of security updates released after October 14, 2025 may cause certain systems to boot into the BitLocker recovery screen upon restart. The issue, currently under ac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat ac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybercriminal underground has witnessed a significant consolidation as three of the most notorious threat actors Scattered Spider, ShinyHunters, and LAPSUS$ have formally aligned to create the Scattered LAPSUS$ Hunters (SLH), a federated collective…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Gladinet CentreStack and Triofox to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The flaw, tracked as CV…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released its Cybersecurity Forecast 2026 report, providing a comprehensive analysis of emerging threats and security trends anticipated throughout the coming year. Rather than relying on speculation, the report is grounded in real-world data…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NGate represents a sophisticated Android-based threat that exploits NFC technology to enable unauthorized ATM cash withdrawals without physically stealing payment cards. Rather than stealing cards outright, threat actors use an ingenious relay attack t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶