Website Security

On 18 July 2025, researchers at Wordfence disclosed CVE‑2025‑7847, a high-severity (CVSS 8.8) arbitrary file upload vulnerability in the widely used AI Engine WordPress plugin, affecting versions...

A newly disclosed flaw in the Alone – Charity Multipurpose Non-profit WordPress Theme (versions ≤ 7.8.3) enables unauthenticated attackers to deploy arbitrary plugin ZIP files-containing...

On 1 July 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Aeza Group, a Russia‑based bulletproof hosting service, for enabling...

In mid‑May 2025, Cloudflare successfully deflected the largest DDoS attack ever recorded peaking at 7.3 terabits-per-second targeting a hosting provider using its Magic Transit service,...

On 28 May 2025, Victoria’s Secret & Co. suffered a significant security incident that disrupted its digital infrastructure, including website availability, internal email systems,...

A critical unauthenticated file upload flaw in the TI WooCommerce Wishlist plugin, tracked as CVE-2025-47577, remains unpatched leaving over 100,000 WordPress e-commerce sites exposed...

A critical vulnerability tracked as CVE‑2025‑4389 (CVSS 9.8) allows unauthenticated attackers to upload any file type including web‑shells via the crawlomatic_generate_featured_image() hook in Crawlomatic Multipage Scraper Post...