WordPress Plugin flaw lets hackers access Admin accounts
CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts Pierluigi Paganini October 09, 2025 Threat actors are exploiting a critical flaw, tracked as CVE-2025-5947, in…
Category: Securityaffairs
Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users
Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users Pierluigi Paganini October 09, 2025 All SonicWall Cloud Backup users were impacted after hackers…
Discord denies massive breach, confirms limited exposure of 70K ID photos
Discord denies massive breach, confirms limited exposure of 70K ID photos Pierluigi Paganini October 09, 2025 Discord won’t pay threat actors claiming 5.5M user breach,…
Qilin ransomware claimed responsibility for the Asahi attack
Qilin ransomware claimed responsibility for the attack on the beer giant Asahi Pierluigi Paganini October 08, 2025 Qilin ransomware claimed responsibility for the recent attack…
DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape
DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape Pierluigi Paganini October 08, 2025 DragonForce, LockBit, and Qilin formed a ransomware…
DraftKings thwarts credential stuffing attack, but urges password reset and MFA
DraftKings thwarts credential stuffing attack, but urges password reset and MFA Pierluigi Paganini October 08, 2025 DraftKings warns of credential stuffing using stolen logins; No…
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution Pierluigi Paganini October 08, 2025 Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via…
U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini October 07, 2025 U.S. Cybersecurity and Infrastructure Security…
GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns
GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns Pierluigi Paganini October 07, 2025 Storm-1175 exploits GoAnywhere MFT flaw CVE-2025-10035 in Medusa attacks, allowing…
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini October 07, 2025 U.S. Cybersecurity…
Discord discloses third-party breach affecting customer support data
Discord discloses third-party breach affecting customer support data Pierluigi Paganini October 06, 2025 Discord reported a data breach at a third-party customer service provider that…
LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme
LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme Pierluigi Paganini October 06, 2025 LinkedIn sued ProAPIs and its CEO Rahmat Alam for running millions…