General
High
17 May
(The Hacker News) /
The Hacker News:
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. T
Government
High
17 May
The company may also need to demonstrate robust security certifications and compliance with India's data protection framework to win customer trust.
General
High
16 May
Ashish Khaitan /
The Cyber Express:
A newly revealed Exim BDAT vulnerability is affecting some email server setups that use Exim as their Mail Transfer Agent (MTA), prompting security attention due to its severity. Tracked as CVE-2026-45185 with a CVSS score of 9.8 and internally referred to as “Dead.Letter,” the issue is classified a
General
High
16 May
Samiksha Jain /
The Cyber Express:
The growing use of AI vulnerability management tools is changing how organisations identify security flaws, but the UK’s National Cyber Security Centre (NCSC) has warned that companies must not rush into adopting artificial intelligence without understanding the risks and operational challenges invo
General
High
16 May
Ashish Khaitan /
The Cyber Express:
Foxconn, one of the world’s largest electronics manufacturers and a major supplier to Apple, has confirmed that a recent Foxconn cyberattack disrupted operations at several of its North American facilities. According to online reports, a ransomware group known as Nitrogen claimed responsibility for
General
Critical
16 May
A critical vulnerability in the Amazon Redshift JDBC driver has put enterprise applications at severe risk of Remote Code Execution (RCE). Threat actors can exploit this newly disclosed flaw simply by manipulating database connection URLs. This hidden vulnerability allows attackers to hijack the app
General
High
16 May
Tushar Subhra Dutta /
Cybersecurity News:
A recent intrusion uncovered by security researchers revealed a calculated attack campaign that used a legitimate enterprise management tool as a weapon. The threat actor gained access through a compromised third-party IT services provider, then quietly moved through the victim’s environment using t
General
High
16 May
A chain of four critical vulnerabilities discovered in OpenClaw, one of the fastest-growing open-source platforms for autonomous AI agents, has left an estimated 245,000 publicly accessible server instances exposed to remote exploitation, credential theft, and persistent backdoor installation. Origi
General
High
16 May
Ionut Arghire /
Security Week:
The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek.
General
High
16 May
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]
General
High
16 May
Ionut Ilascu /
BleepingComputer:
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]
General
High
16 May
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
General
High
16 May
(The Hacker News) /
The Hacker News:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May
General
Critical
16 May
(The Hacker News) /
The Hacker News:
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting
General
Critical
16 May
(The Hacker News) /
The Hacker News:
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT te
Government
High
16 May
... (CERT-In). After Hidma was eliminated by security forces in November last ye...
Government
High
16 May
Coordinated reviews by CERT-In, the Finance Ministry and MeitY reflect how seriously the system views this shift. However, what is ...
General
High
15 May
Tushar Subhra Dutta /
Cybersecurity News:
A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have identified a previously unknown implant called TencShell, a sophisticated tool capable of giving attackers full remote control over a compromised system. The discovery highlights how th
General
High
15 May
Tushar Subhra Dutta /
Cybersecurity News:
A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that control physical infrastructure. The campaign is alarming because it does not rely on cutting-edge exploits. Instead, Sandworm wal
General
High
15 May
Eduard Kovacs /
Security Week:
The acquisition enables Akamai to expand its Zero Trust portfolio to add protection directly into the browser. The post Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million appeared first on SecurityWeek.