Latest Intelligence
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
A critical security flaw in the Service Finder WordPress theme allows hackers to bypass authentication and gain unauthorized access to any account, including those of administrators. This vulnerability, tracked as CVE-2025-5947, poses a significant risk to susceptible sites. Read Original »
Vampire Bot Malware Sinks Fangs Into Job Hunters
The article discusses a new malware campaign named Vampire Bot, which targets job seekers and is attributed to the cybercrime group BatShadow based in Vietnam. This highlights the increasing threats posed by such groups in the cybersecurity landscape. Read Original »
Red Hat Hackers Team Up With Scattered Lapsus$ Hunters
The Crimson Collective has breached the GitLab instance of Red Hat Consulting and is now collaborating with the Lapsus$ cybercriminal group. This partnership raises concerns about the potential for increased cyber threats and attacks on affected organizations. Read Original »
LockBit, Qilin & DragonForce Join Forces in Ransomware 'Cartel'
LockBit, Qilin, and DragonForce have formed a collaboration, referred to as a ransomware 'cartel', to share attack information and resources. This alliance comes in response to the release of LockBit 5.0 and aims to invite other e-crime attackers to join their efforts. Read Original »
Framelink Figma MCP Server Opens Orgs to Agentic AI Compromise
A vulnerability identified as CVE-2025-53967 has been discovered in a third-party option for connecting Figma to agentic AI, which could allow for remote code execution. Users are urged to patch this issue promptly to mitigate potential risks. Read Original »
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers have identified a campaign that exploits WordPress sites by injecting malicious JavaScript, which redirects users to dubious websites. This tactic includes the use of drive-by malware, such as fake Cloudflare verification prompts. Read Original »
AI Takes Center Stage at DataTribe’s Cyber Innovation Day
The DataTribe Challenge highlights innovative cybersecurity solutions, particularly focusing on the use of AI in defending against threats and enhancing robotic safety. This event showcases the potential of AI technologies in shaping the future of cybersecurity. Read Original »
Will AI-SPM Become the Standard Security Layer for Safe AI Adoption?
The article discusses the importance of security posture management (AI-SPM) in safeguarding AI systems against various risks such as model poisoning, excessive agency, and jailbreaking. It emphasizes the potential of AI-SPM to become a standard security layer for safe AI adoption. Read Original »
Virtual Event Today: Zero Trust & Identity Strategies Summit
The article announces a virtual event focused on digital identity management, emphasizing the importance of zero-trust principles and related technologies. Participants will explore strategies for implementing these concepts in cybersecurity. Read Original »
China-Nexus Actors Weaponize 'Nezha' Open Source Tool
A threat actor is exploiting a Chinese open source tool, 'Nezha', to enhance traditional remote monitoring and management (RMM) attacks. This represents a shift in tactics, utilizing open source resources for malicious purposes. Read Original »
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Chinese hackers have exploited the open-source monitoring tool Nezha to distribute the Gh0st RAT malware. This attack involves a technique known as log poisoning to deploy a web shell on targeted systems. Read Original »
Calling All Influencers: Spear-Phishers Dangle Tesla, Red Bull Jobs
Cyberattackers are targeting job seekers, particularly social media professionals, by impersonating brands like Tesla and Red Bull in an effort to steal résumés. This evolving phishing campaign highlights the risks associated with job hunting in the digital age. Read Original »
Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities
Google DeepMind has introduced a new AI agent named CodeMender, designed to identify and rectify vulnerabilities in code to mitigate future exploits. This innovation aims to enhance cybersecurity measures by automating the vulnerability fixing process. Read Original »
Google Offers Up to $20,000 in New AI Bug Bounty Program
Google has launched a new AI bug bounty program, offering rewards of up to $20,000 for identifying vulnerabilities. The program has been updated to combine rewards for both abuse and security issues into a single framework. Read Original »
Step Into the Password Graveyard… If You Dare (and Join the Live Session)
Weak passwords continue to cause significant financial losses each year, with many breaches preventable through better security practices. IT teams face challenges such as frequent password resets and compliance issues due to these vulnerabilities. Read Original »