LATEST POST
Hackers took over 8.7 million WordPress sites in two days, targeting critical vulnerabilities in popular plugins.
As seen on a Russian-language hacking forum, this news report: A major vulnerability exploitation campaign has hit WordPress sites: attackers are targeting resources running the GutenKit and Hunk Companion plugins, which are vulnerable to critical vulnerabilities that allow arbitrary code execution on the server. Wordfence , a WordPress security company, recorded 8.7 million attack attempts in just two days—October […]
Hackers Target Swedish Power Grid Operator
Security Week reports: Swedish state-owned power grid operator Svenska kraftnät on Monday confirmed that it fell victim to a cyberattack that resulted in a data breach. The incident, the company said, was discovered on Saturday and affected an isolated, external file transfer solution, but not the power grid. The country’s electricity supply has not been affected […]
Marks & Spencer Cuts Ties With Tata Consultancy Services, But It Wasn’t Because of the Data Breach
The Cyber Security Hub Newsletter reports: British retail giant Marks & Spencer (M&S) has officially ended its long-standing partnership with Indian IT services leader Tata Consultancy Services (TCS) after suffering one of the most damaging cyberattacks in its history. The high-profile breach, which occurred earlier this year, is estimated to have cost the company around […]
Qilin Ransomware Exploits MSPaint and Notepad to Find Sensitive Information
Cyber Press reports: Cisco Talos has identified a sophisticated technique employed by the Qilin ransomware group, in which threat actors leverage legitimate Windows utilities, specifically MSPaint and Notepad, to inspect and locate high-sensitivity information across compromised networks manually. […] During the credential access and exfiltration phase, attackers execute a comprehensive credential-harvesting workflow using tools such […]
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
The Hacker News reports: Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the […]
Everest Ransomware Says It Stole 1.5M Dublin Airport Passenger Records
HackRead reports: Today, the Everest ransomware group published listings for two new victims, Dublin Airport and Air Arabia, on its dark web leak site. This announcement comes just days after the group claimed responsibility for breaching AT&T Careers, alleging the theft of 576,000 records containing personal details of applicants and employees. Like the AT&T listing, both […]
Integris Health reaches $30M class action data breach settlement
TechTarget reports: Integris Health settled a class action data breach lawsuit to resolve claims alleging that it failed to protect the sensitive data of its patients. The data breach in question occurred in November 2023, impacting nearly 2.4 million individuals, including 224,000 minors. The Oklahoma-based health system, which operates 16 hospitals and other healthcare facilities throughout the […]
OpenText Cybersecurity 2025 Global Ransomware Survey: Rising Confidence Meets a Growing AI Threat
OpenText released the findings of its fourth annual Global Ransomware Survey. Read the full press release or download the full report.