Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

Critical Site Takeover Flaw Affects 400K WordPress Sites

Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and website for nefarious purposes.

DARKReading
Open in Source
#vulnerability#web#wordpress
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report

Cybersecurity on a budget: Strategies for an economic downturn

This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts.

Mass Attack Targets WordPress via GutenKit and Hunk Companion Plugins

Mass exploitation attacks are once again targeting WordPress websites, this time through serious vulnerabilities in two popular plugins,…

⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here’s how that false sense of security

SocGholish Malware Using Compromised Sites to Deliver Ransomware

New research on SocGholish (FakeUpdates) reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide.

Home Depot Halloween phish gives users a fright, not a freebie

Boo! A Home Depot Halloween “giveaway” isn’t a treat—it’s a phishing trick. Fake links, tracking pixels, and compromised sites are the real prizes here.

A week in security (October 13 – October 19)

A list of topics we covered in the week of October 13 to October 19 of 2025

Under the engineering hood: Why Malwarebytes chose WordPress as its CMS

It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. Here's what we considered when choosing it.