-
A critical command injection vulnerability has been discovered in the W3 Total Cache plugin, one of WordPress’s most popular caching solutions used by approximately 1 million websites. The vulnerability, tracked as CVE-2025-9501 with a CVSS severity score of 9.0 (Critical), allows unauthenticated attackers to execute arbitrary PHP commands directly on vulnerable servers. W3 Total Cache Vulnerability The flaw exists in […] The post W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious security flaw was discovered in the AI-Bolit component of Imunify products. This vulnerability allows attackers to run arbitrary code and even become root on a server. Imunify released a fix on October 23, 2025, and most servers have already received the automatic update. Currently, there are no reports of hackers exploiting this security […] The post Imunify AI-Bolit Vulnerability Let Execute Arbitrary Code and Escalate Privileges to Root appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google is taking decisive action against apps that drain excessive battery power, introducing a new warning system that will alert users before they download power-hungry applications. Starting March 1, 2026, apps that fail to meet Google’s batte…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious Everest ransomware group has claimed responsibility for a major cyber breach against Under Armour, the global sportswear giant, alleging the theft of 343 GB of internal data that could impact millions of customers and employees worldwide. The announcement, posted on the group’s dark web leak site on November 16, 2025, includes a sample […] The post Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a landmark operation targeting cybercriminal infrastructure, the East Netherlands cybercrime team conducted a major takedown of a rogue hosting company suspected of facilitating a broad spectrum of malicious activities. During the coordinated enforc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Since mid-2024, a sophisticated Iranian-backed threat group known as UNC1549 has been conducting targeted campaigns against aerospace, aviation, and defense organizations across the globe. The hackers employ an advanced dual approach, combining carefully crafted phishing campaigns with the exploitation of trusted connections between primary targets and their third-party suppliers. This strategy proves particularly effective against […] The post UNC1549 Hackers with Custom Tools Attacking Aerospace and Defense Systems to Steal Logins appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been discovered in the widely used W3 Total Cache WordPress plugin, putting over 1 million websites at serious risk. The vulnerability allows attackers to take complete control of affected websites without needing any login…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has announced the public preview of its Alert Triage and Investigation agent, a significant advancement in artificial intelligence-driven security operations. The intelligent agent is now embedded directly within Google Security Operations, helping security teams process alerts faster and more effectively. The new agent represents a significant step toward Google’s vision of an “Agentic SOC,” a […] The post Google Reveals Public Preview of Alert Triage and Investigation Agent for Security Operations appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a severe vulnerability in Lynx+ Gateway devices that could expose sensitive information in clear text during transmission. The flaw allows attackers to catch network traffic and obtain plaintext credentials and other confidential data. The vulnerability, tracked as CVE-2025-62765, stems from the product’s […] The post CISA Warns of Critical Lynx+ Gateway Vulnerability Exposes Data in Cleartext appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated threat actor has orchestrated a multi-stage ransomware attack spanning nine days, leveraging compromised Remote Desktop Protocol (RDP) credentials to infiltrate a corporate network, exfiltrate sensitive data, and deploy Lynx ransomware …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
