#wordpress

Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.

## Summary When using Astro's Cloudflare adapter (@astrojs/cloudflare) with `output: 'server'`, the image optimization endpoint (`/_image`) contains a critical vulnerability in the `isRemoteAllowed()` function that unconditionally allows `data:` protocol URLs. This enables Cross-Site Scripting (XSS) attacks through malicious SVG payloads, bypassing domain restrictions and Content Security Policy protections. ## Details On-demand rendered sites built with Astro include an `/_image` endpoint for image optimization. While this endpoint is designed to restrict processing to local images and authorized remote domains (configured via `image.domains` or `image.remotePatterns`), a critical vulnerability exists in the underlying validation logic. The `isRemoteAllowed()` function in [packages/internal-helpers/src/remote.ts](https://github.com/withastro/astro/blob/b8ca69b97149becefaf89bf21853de9c905cdbb7/packages/internal-helpers/src/remote.ts) (lines 128-131) unconditionally allows ALL `data...

The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of initial infection. "

Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and website for nefarious purposes.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report

This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts.

Mass exploitation attacks are once again targeting WordPress websites, this time through serious vulnerabilities in two popular plugins,…

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here’s how that false sense of security

New research on SocGholish (FakeUpdates) reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide.