Collaborate Disseminate
A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated attackers to take over admin accounts and gain full control over target WP-based si… Continue reading Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)
A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set the stage for ransomware attacks, WithSecure researchers have discovered. KeeLoader: Passoword manager that acts as data steale… Continue reading Trojanized KeePass opens doors for ransomware attackers
The official site for RVTools has apparently been hacked to serve a compromised installer for the popular utility, a security researcher has warned. It’s difficult to say how long the malicious version has been available for download, but the web… Continue reading Malicious RVTools installer found on official site, researcher warns
A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from … Continue reading CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering attacks, the company confirmed today by filing a report with the US Securities and … Continue reading Coinbase suffers data breach, gets extorted (but won’t pay)
Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to fix a vulnerability that’s reportedly being exploited by attackers. If… Continue reading Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
Google has introduced Device Trust from Android Enterprise, a new solution for making sure that private Android devices used for work are secure enough to access corporate resources and data. Device Trust from Android Enterprise (Source: Google) What i… Continue reading Google strengthens secure enterprise access from BYOD Android devices
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among … Continue reading Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident response team has revealed on Tuesday. About CVE-202… Continue reading Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)
Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install… Continue reading Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)