On June 20th, 2025, we received a submission for an Arbitrary File Deletion vulnerability in Forminator, a WordPress plugin with more than 600,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in…
Category: EN
Hacktivist Group Launches Attacks on 20+ Critical Sectors Amid Iran–Israel Conflict
A series of sophisticated cyberattacks targeting over 20 vital sectors in Israel and its allies has been launched by more than 80 hacktivist groups in a major escalation of cyberwarfare that parallels the ongoing Iran-Israel confrontation. Following Israel’s recent airstrikes…
FBI Warns of Health Insurance Scam Stealing Personal and Medical Data
The Federal Bureau of Investigation (FBI) has issued a warning about a scam where criminals pretend to be… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: FBI Warns…
Snake Keyloggers Exploit Java Utilities to Evade Detection by Security Tools
The S2 Group Intelligence team has uncovered a Russian-origin malware known as Snake Keylogger, a stealer coded in .NET, leveraging legitimate Java utilities to bypass security tools. This operation, distributed via a Malware as a Service (MaaS) model, targets diverse…
FESTO Automation Suite, FluidDraw, and Festo Didactic Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO, FESTO Didactic Equipment: CIROS Studio / Education, Automation Suite, FluidDraw, FluidSIM, MES-PC Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow…
FESTO Didactic CP, MPS 200, and MPS 400 Firmware
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Didactic Equipment: CP, MPS 200, MPS 400 Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of…
FESTO CODESYS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Equipment: CODESYS Vulnerabilities: Partial String Comparison, Uncontrolled Resource Consumption, Memory Allocation with Excessive Size Value 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow…
Stealthy WordPress Malware Deliver Windows Trojan via PHP Backdoor
A sophisticated multi-stage malware campaign has been discovered targeting WordPress websites, employing an intricate infection chain that delivers Windows trojans to unsuspecting visitors while maintaining complete invisibility to standard security checks. The malware represents a significant evolution in web-based attack…
Google Chrome May Soon Turn Webpages Into Podcasts With AI Audio Overviews
Google Chrome for Android is on the verge of a major upgrade that could reshape how users consume online content. The browser is testing a new feature called AI Audio Overviews, which transforms any webpage into a podcast-style audio summary,…
Update your Chrome to fix new actively exploited zero-day vulnerability
Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited. This article has been indexed from Malwarebytes Read the original article: Update your Chrome to fix new actively exploited zero-day vulnerability
How AI Impacts KYC and Financial Security
Finance has become a top target for deepfake-enabled fraud in the KYC process, undermining the integrity of identity-verification frameworks that help counter-terrorism financing (CTF) and anti-money laundering (AML) systems. Experts have found a rise in suspicious activity using AI-generated media,…
Microsoft introduces protection against email bombing
By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is email bombing? Email bombing (aka spam bombing) is an attack technique…
Cloudflare Now Blocks AI Web Scraping by Default
Cloudflare now blocks AI web crawlers by default, requiring permission from site owners for access This article has been indexed from www.infosecurity-magazine.com Read the original article: Cloudflare Now Blocks AI Web Scraping by Default
Raising the Bar: Infinity Global Services’ Pen Testing Achieves CREST-Accreditation
In today’s evolving threat landscape, proactive security measures are more critical than ever. Penetration Testing (PT) – a core service within Infinity Global Services (IGS) – plays a vital role in uncovering vulnerabilities before they can be exploited. Delivered by…
DCRAT Impersonating the Colombian Government
Threat actor impersonates Colombian government to deliver DCRAT via phishing email, using obfuscation, steganography, and PowerShell payload chains. This article has been indexed from Fortinet Threat Research Blog Read the original article: DCRAT Impersonating the Colombian Government
Bluetooth vulnerability in audio devices can be exploited to spy on users
Researchers have found a set of vulnerabilities in Bluetooth connected devices that could allow an attacker to spy on users. This article has been indexed from Malwarebytes Read the original article: Bluetooth vulnerability in audio devices can be exploited to…
Iranian Hackers Threaten More Trump Email Leaks Amid Rising U.S. Cyber Tensions
Iran-linked hackers have renewed threats against the U.S., claiming they plan to release more emails allegedly stolen from former President Donald Trump’s associates. The announcement follows earlier leaks during the 2024 presidential race, when a batch of messages was…
Elastic WAF: Reshaping Application Security for DevOps and Hybrid Environments
We recently discussed Imperva’s vision for the future of application security, where we also covered the Imperva Security Engine. This innovative application security framework is powering up the next generation of Imperva solutions, the first of which is Imperva Elastic…
Ghost in the Machine: A Spy’s Digital Lifeline
We are pleased to feature a guest post from Jaime Halscott, Senior Technology Evangelist at IGEL. With a unique background that blends deep technical expertise, C-level experience, and a law degree, Jaime plays a key role in IGEL’s global alliances,…
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines.…