WordPress Core Patched for Critical SQL Injection and RCE Vulnerability Chain
WordPress core has been updated to fix a critical SQL injection flaw and a chained vulnerability leading to unauthenticated remote code execution.
Stories cluster related articles into a single narrative, linked to the underlying CVEs and affected products. 3,611 stories synthesized.
WordPress core has been updated to fix a critical SQL injection flaw and a chained vulnerability leading to unauthenticated remote code execution.
Abbott Laboratories is probing two distinct cybersecurity incidents, one involving unauthorized access to legacy Exact Sciences systems and another concerning a breach of its LabCentral portal, with threat actors claiming data theft.
Sophisticated AI-powered phishing toolkits are becoming widely accessible, enabling attackers to craft more personalized and effective campaigns that can bypass multi-factor authentication.
Seven malicious npm packages targeting the Vite ecosystem have been discovered, employing a novel blockchain-based C2 infrastructure to deliver a remote access trojan (RAT) to unsuspecting developers.
WordPress 7.0.2, released July 17, 2026, patches a critical SQL injection flaw and a high-severity REST API confusion leading to RCE, with forced updates enabled.
A newly discovered OpenSSL vulnerability, dubbed 'HollowByte,' enables unauthenticated remote attackers to cause a denial-of-service by sending a minimal 11-byte payload, exploiting memory allocation flaws during TLS handshakes.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has detailed its response and recommendations following a data leak incident where sensitive information was exposed on a public GitHub repository.
A new Go-based botnet named NadMesh is actively scanning the internet for and exploiting publicly accessible AI services to steal cloud API keys and Kubernetes tokens.
PentestCode, an open-source AI agent, automates penetration testing by integrating 18 specialized tools to perform reconnaissance, exploitation, and post-exploitation tasks with minimal human intervention.
Authorities in the US, UK, and EU have intensified efforts against cybercriminals, sanctioning Russian GRU and FSB-linked entities, a VPN provider, and indicting operators of bulletproof hosting services.
A subgroup of the GoldenEyeDog Chinese cybercrime group, CylindricalCanine, is linked to the April 2026 DigiCert breach where code-signing certificates were stolen.
Microsoft Security will present insights on defending against AI-powered threats and ongoing supply chain attacks at Black Hat USA 2026, highlighting how threat actors exploit trust in digital ecosystems.
Global professional services firm Ernst & Young (EY) has revealed a data breach stemming from the compromise of a third-party support ticket system, potentially exposing client tax information.
Cybercriminals are increasingly scrutinizing residential proxies, prioritizing 'clean' IPs with no prior fraud history to bypass advanced fraud detection systems.
North Korean state-sponsored actors are employing steganography within SVG image files to hide malware, delivered through social engineering lures disguised as job offers and coding challenges.
A critical vulnerability in Shark's AWS IoT policy allows a compromised robot vacuum to access other devices, potentially exposing cameras, home maps, and Wi-Fi passwords.
Google Cloud is integrating Wiz capabilities into a new agentic defense platform, aiming to automate threat detection and remediation against increasingly sophisticated AI-powered cyber threats.
Armenia has detained a Russian tourist, Aleksandr Ermakov, based on a U.S. extradition request for a key figure in the REvil ransomware group, though the detained man's lawyers assert he is the wrong individual.
Cybercriminals are increasingly leveraging GitHub to distribute malware by creating convincing, impersonating repositories that mimic legitimate brands and offer Trojanized software.
A critical bug in AWS Cost Explorer erroneously displayed trillion-dollar billing estimates to customers, causing widespread alarm despite actual charges remaining unaffected.
Three chained zero-day vulnerabilities in Siemens ROX II OT switches allow attackers to gain persistent root access, posing a significant threat to industrial control systems.
1Password and Anthropic's Claude AI are teaming up to allow the AI assistant to log into websites without directly exposing user credentials, enhancing security for AI-driven tasks.
A critical vulnerability in Android 16 allows Gemini to bypass lock screen PINs and send SMS and WhatsApp messages, with a fix rolling out this week.
A new buyer's guide ranks the top 10 Identity Threat Detection and Response (ITDR) solutions for 2026, highlighting their critical role in combating credential theft and identity-based attacks.