A critical backdoor vulnerability discovered in the LA-Studio Element Kit for the Elementor plugin poses an immediate threat to more than 20,000 WordPress installations. The vulnerability, tracked as CVE-2026-0920 with a CVSS severity rating of 9.8 (Critical), enables unauthenticated attackers…
Category: EN
Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware
Fake Captcha and “ClickFix” lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security…
TrustAsia Pulls 143 Certificates Following Critical LiteSSL ACME Vulnerability
TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026, permitted the reuse of domain validation data across different ACME accounts, allowing unauthorized certificate issuance…
Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability
Fortinet has officially confirmed active exploitation of critical FortiCloud single sign-on (SSO) authentication bypass vulnerabilities affecting multiple enterprise security appliances. The company disclosed two vulnerabilities CVE-2025-59718 and CVE-2025-59719 discovered during internal code audits in December 2025, with exploitation attempts now…
Okta Uncovers Custom Phishing Kits Built for Vishing Callers
They can intercept user credentials while providing real-time context that helps attackers convince victims to approve MFA challenges during phone calls.. The post Okta Uncovers Custom Phishing Kits Built for Vishing Callers appeared first on TechRepublic. This article has been…
Fortinet Firewalls Targeted as Attackers Bypass Patch for Critical FortiGate Flaw
Critical vulnerabilities in FortiGate systems continue to be exploited, even after fixes were deployed, users now confirm. Though updates arrived aiming to correct the problem labeled CVE-2025-59718, they appear incomplete. Authentication safeguards can still be sidestepped by threat actors…
NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers
Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system This article has been indexed from www.infosecurity-magazine.com Read the original article: NHS Issues Open Letter Demanding Improved Cybersecurity…
Everest Ransomware Hits Under Armour
Approximately 72.7 million Under Armour accounts have been added to the Have I Been Pwned database following an alleged ransomware attack. This article has been indexed from CyberMaterial Read the original article: Everest Ransomware Hits Under Armour
Europe GDPR Fines Hit 1.2B Euros
Europe’s data protection landscape shifted significantly in 2025 as total annual fines exceeded 1.2 billion euros amid a surge in reported security incidents. This article has been indexed from CyberMaterial Read the original article: Europe GDPR Fines Hit 1.2B Euros
Saga Falls Victim To DeFi Hack
Saga has halted its EVM blockchain following an exploit that resulted in the theft of approximately $7 million. This article has been indexed from CyberMaterial Read the original article: Saga Falls Victim To DeFi Hack
UK Launches New Report Fraud Service
British authorities have officially introduced Report Fraud, a central national service designed to modernize how the public reports cybercrime and improve subsequent police investigations. This article has been indexed from CyberMaterial Read the original article: UK Launches New Report Fraud…
eBay Bans Illicit Automated Shopping
eBay recently updated its User Agreement to explicitly forbid unauthorized third-party buy-for-me agents and AI chatbots from placing orders on its platform. This article has been indexed from CyberMaterial Read the original article: eBay Bans Illicit Automated Shopping
Building Cyber Readiness Early: Why Youth Education Is a Security Imperative
Cyber security is often framed as a problem for enterprises, governments, and seasoned professionals. But by the time organizations begin searching for talent, the damage has often already been done. Threat actors don’t wait for workforce pipelines to catch up…
Hackers Can Use GenAI to Change Loaded Clean Page Into Malicious within Seconds
A new and alarming threat has emerged in the cybersecurity landscape where attackers combine artificial intelligence with web-based attacks to transform innocent-looking webpages into dangerous phishing tools in real time. Security researchers discovered that cybercriminals are now leveraging generative AI…
Top 10 Best Data Security Companies in 2026
Data security companies are essential in 2026 for protecting sensitive information amid rising cyber threats and complex cloud environments. In 2026, data security has become a top priority for organizations of all sizes as cyber threats, regulatory pressure, and cloud…
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
Other noteworthy stories that might have slipped under the radar: Cloudflare WAF bypass, Canonical Snap Store abused for malware delivery, Curl terminating bug bounty program The post In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice appeared…
Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices
Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication. The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fortinet Confirms…
Teaching Cyber: Building the Bridge Between Education and Industry
A practical roadmap for preparing the next generation of cybersecurity professionals through education–industry collaboration. This article has been indexed from CyberMaterial Read the original article: Teaching Cyber: Building the Bridge Between Education and Industry
Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks. The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Kimwolf Botnet Hijacks 1.8M Android Devices for DDoS Chaos
The Kimwolf botnet is one of the largest recently found Android-based threats, contaminating over 1.8 million devices mostly Android TV boxes and IoT devices globally. Named after its reliance on the wolfSSL library, this malware appeared in late October 2025 when…