Forminator plugin flaw exposes WordPress sites to takeover attacks
The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. The security issue is…
Category: Bleeping Computer
Dozens of fake wallet add-ons flood Firefox store to drain crypto
More than 40 fake extensions in Firefox’s official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. Some…
Microsoft fixes ‘Print to PDF’ feature broken by Windows update
Microsoft has fixed a known bug that breaks the ‘Print to PDF’ feature on Windows 11 24H2 systems after installing the April 2025 preview update.…
DNS issue blocks delivery of Exchange Online OTP codes
Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users. Recipients may…
Grok 4 spotted ahead of launch with special coding features
Elon Musk-funded xAI is skipping Grok 3.5 and releasing Grok 4 after Independence Day in the United States, and it could be the best model…
Qantas discloses cyberattack amid Scattered Spider aviation breaches
Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data. Qantas is…
AT&T rolls out “Wireless Lock” feature to block SIM swap attacks
AT&T has launched a new security feature called “Wireless Lock” that protects customers from SIM swapping attacks by preventing changes to their account information and…
New FileFix attack runs JScript while bypassing Windows MoTW alerts
A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved…
Microsoft open-sources VS Code Copilot Chat extension on GitHub
Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. This provides the community access to…
Kelly Benefits says 2024 data breach impacts 550,000 customers
Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information.…
Aeza Group sanctioned for hosting ransomware, infostealer servers
The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for…
US disrupts North Korean IT worker “laptop farm” scheme in 16 states
The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government’s fund raising operations using remote IT workers. North Korean workers…