4 December 2025
Attackers are exploiting CVE-2025-8489 in the King Addons for Elementor plugin for WordPress to obtain administrative permissions during the registration process. The plugin is used on roughly 10,000 websites.
Google says there are “indications” that CVE-2025-48633 and CVE-2025-48572 “may be under limited, targeted exploitation.”
CVE-2025-21042 was discovered in Samsung’s libimagecodec.quram.so library, allowing remote attackers to gain code execution on devices running Android 13 and later.
CVE-2025-49844 is a critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting that could allow authenticated attackers to execute remote code on older versions of Redis and Valkey with Lua scripting enabled.
CVE-2025-48593 is a remote code execution (RCE) bug discovered in the System component. The flaw affects multiple versions of the Android Open Source Project (AOSP).
Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and website for nefarious purposes.
CVE-2025-58726 – Ghost SPNs (service names referencing hostnames that don’t resolve in DNS) create exploitable attack surfaces in Active Directory environments.
CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape as part of a campaign dubbed Operation ForumTroll targeting organizations in Russia. The cluster is tracked as TaxOff/Team 46.
Nation-State Cyber Threat Actor Poses Immediate Risk to Federal Networks. CISA has issued Emergency Directive 26-01. This directive, the third issued under the Trump Administration.
CVE-2025-59287 is a WSUS remote code execution vulnerability impacting Windows Server 2012, 2016, 2019, 2022, and 2025. WSUS is a component of the Windows Server OS used to centrally manage updates and patches.
A new technique allows hackers to extract encrypted authentication tokens from Microsoft Teams on Windows, enabling unauthorized access to chats, emails, and SharePoint files.
CVE-2025-58325 in Fortinet's FortiOS enables local authenticated attackers to execute arbitrary system commands. With a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), it poses significant risks to enterprise.
CVE-2025-32463 targets the chroot feature in Sudo versions 1.9.14 through 1.9.17, enabling local attackers to escalate privileges to root level with minimal effort.
It also addresses 8 “Critical” vulnerabilities. The bugs: 80 Elevation of Privilege, 11 Security Bypass, 31 Remote Code Execution, 28 Info Disclosure, 11 DoS, 10 Spoofing.
CVE-2025-61984 could allow an attacker to achieve remote code execution on a victim’s machine. It is a bypass of a previous fix for a similar issue (CVE-2023-51385).
CVE-2025-49844 was discovered by Wiz Research and has been assigned the highest possible CVSS severity score of 10.0, a rating reserved for the most severe security issues.
Chrome 141, rolling out across Windows, Mac, and Linux platforms, addresses 21 security vulnerabilities and patches several high-severity vulnerabilities that pose significant risks to user security.
Broadcom has patched CVE-2025-41244 in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024. European security company linked the attacks to
Cisco has reported that threat actor ArcaneDoor is actively exploiting multiple zero-day vulnerabilities in Cisco Adaptive Security Appliance and Firepower Threat Defense.
The first-ever malicious Model-Context-Prompt (MCP) server was discovered in a trojanized npm package named postmark-mcp, secretly exfiltrating sensitive data from emails.