HomeTopics 5Website Security

Website Security

Technology & Telecom

Critical WordPress Flaw Exposes 500K+ Sites: Kirki Plugin Vulnerability Enables Full Account Takeover

Africa

Hackers Breach Multiple Kenyan Government Websites, Temporarily Seize Presidency Portal

Application Security

Phishing Campaigns “I Paid Twice” Target Booking.com Hotels and Customers

Advanced Persistent Threat

Salt Typhoon & UNC4841: Silent Push Uncovers New Domains in Global Espionage Campaign

Silent Push threat analysts have uncovered dozens of new domains linked to Salt Typhoon and UNC4841, two China-backed Advanced Persistent Threat (APT) groups infamous...

AI & Cybersecurity

CVE‑2025‑7847: Arbitrary File Upload in AI Engine Puts 100K+ WordPress Sites at Risk of RCE

On 18 July 2025, researchers at Wordfence disclosed CVE‑2025‑7847, a high-severity (CVSS 8.8) arbitrary file upload vulnerability in the widely used AI Engine WordPress plugin, affecting versions...

Vulnerability Management

Hackers Actively Exploit Critical RCE in WordPress Alone Theme (CVE-2025-5394)

A newly disclosed flaw in the Alone – Charity Multipurpose Non-profit WordPress Theme (versions ≤ 7.8.3) enables unauthenticated attackers to deploy arbitrary plugin ZIP files-containing...

America

U.S. Treasury Sanctions Aeza Group Bulletproof Russian Bulletproof Hosting Provider in Major Cybercrime Crackdown

On 1 July 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Aeza Group, a Russia‑based bulletproof hosting service, for enabling...

DoS & DDoS

Monster 7.3 Tbps DDoS Attack Blocked by Cloudflare in Historic Mitigation

In mid‑May 2025, Cloudflare successfully deflected the largest DDoS attack ever recorded peaking at 7.3 terabits-per-second targeting a hosting provider using its Magic Transit service,...

Breached

Victoria’s Secret Hit by Security Incident: Website, Email, and Operations Disrupted

On 28 May 2025, Victoria’s Secret & Co. suffered a significant security incident that disrupted its digital infrastructure, including website availability, internal email systems,...

Website Security

Unpatched Zero-Day in TI WooCommerce Wishlist Plugin Exposes Over 100K Sites to RCE Risk

A critical unauthenticated file upload flaw in the TI WooCommerce Wishlist plugin, tracked as CVE-2025-47577, remains unpatched leaving over 100,000 WordPress e-commerce sites exposed...

12 3...6 Page 1 of 6

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Must read

AI & Cybersecurity

Critical Alert: IBM WebSphere Plug-ins Flaws Expose Enterprises to Remote Code Execution

When the Browser Becomes the Attack Vector: ChatGPT “Summarize Page” Flaw Opens Door to Phishing and Data Leakage

The Gentlemen” Ransomware: The Silent Worm Turning Encryption into a Network-Wide Catastrophe

Fast & Furious: Iranian Cyber Unit “Nimbus Manticore” Deploys AI-Driven Malware in Escalating Cyber War

Critical Alert: IBM WebSphere Plug-ins Flaws Expose Enterprises to Remote Code Execution

When the Browser Becomes the Attack Vector: ChatGPT “Summarize Page” Flaw Opens Door to Phishing and Data Leakage

The Gentlemen” Ransomware: The Silent Worm Turning Encryption into a Network-Wide Catastrophe

Fast & Furious: Iranian Cyber Unit “Nimbus Manticore” Deploys AI-Driven Malware in Escalating Cyber War

Website Security

Critical WordPress Flaw Exposes 500K+ Sites: Kirki Plugin Vulnerability Enables Full Account Takeover

Hackers Breach Multiple Kenyan Government Websites, Temporarily Seize Presidency Portal

Phishing Campaigns “I Paid Twice” Target Booking.com Hotels and Customers

AI Meets Cybercrime: New Malware Framework Uses AI Agents to Outsmart EDR Defenses

Critical WordPress Flaw Exposes 500K+ Sites: Kirki Plugin Vulnerability Enables Full Account Takeover

Critical Alert: IBM WebSphere Plug-ins Flaws Expose Enterprises to Remote Code Execution

When the Browser Becomes the Attack Vector: ChatGPT “Summarize Page” Flaw Opens Door to Phishing and Data Leakage

Critical Alert: IBM WebSphere Plug-ins Flaws Expose Enterprises to Remote Code Execution

When the Browser Becomes the Attack Vector: ChatGPT “Summarize Page” Flaw Opens Door to Phishing and Data Leakage

The Gentlemen” Ransomware: The Silent Worm Turning Encryption into a Network-Wide Catastrophe

Fast & Furious: Iranian Cyber Unit “Nimbus Manticore” Deploys AI-Driven Malware in Escalating Cyber War

Cybercory Magazine

Latest

AI Meets Cybercrime: New Malware Framework Uses AI Agents to Outsmart EDR Defenses

Critical WordPress Flaw Exposes 500K+ Sites: Kirki Plugin Vulnerability Enables Full Account Takeover

Critical Alert: IBM WebSphere Plug-ins Flaws Expose Enterprises to Remote Code Execution

Popular

AI Meets Cybercrime: New Malware Framework Uses AI Agents to Outsmart EDR Defenses

Critical WordPress Flaw Exposes 500K+ Sites: Kirki Plugin Vulnerability Enables Full Account Takeover

Critical Alert: IBM WebSphere Plug-ins Flaws Expose Enterprises to Remote Code Execution

Useful Links

Quick Links