Severe RCE Flaw Discovered in Everest Forms WordPress Plugin
Severe RCE Flaw Discovered in Everest Forms WordPress Plugin The Everest Forms: Contact Forms, Quiz, Survey, Newsletter and Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the “format” method of the EVF_Form_Fields_Upload class in all versions up […]
Hackers Exploit Critical Confluence Server Flaw to Deploy LockBit Ransomware
Hackers Exploit Critical Confluence Server Flaw to Deploy LockBit Ransomware A recent cyberattack exposed the risks of unpatched servers, as hackers exploited a critical flaw in an Atlassian Confluence instance to deploy LockBit ransomware. The attack leveraged CVE-2023-22527, a remote code execution vulnerability, enabling attackers to run arbitrary commands on the server. This incident underscores […]
Critical Vulnerabilities Detected in HP LaserJet Printers
Critical Vulnerabilities Detected in HP LaserJet Printers HP has released a security advisory regarding critical vulnerabilities affecting multiple LaserJet Pro, LaserJet Enterprise and LaserJet Managed printers. These vulnerabilities, identified as CVE-2025-26506, CVE-2025-26508 and CVE-2025-26507, could enable attackers to execute arbitrary code or escalate privileges by sending specially crafted PostScript print jobs. To mitigate these risks, […]
Phishing Campaign Abuses Webflow CDN & CAPTCHAs to Steals Credit Card Data
Phishing Campaign Abuses Webflow CDN & CAPTCHAs to Steal Credit Card Data A recent cybersecurity report reveals a sophisticated phishing campaign that exploits the Webflow CDN and deceptive CAPTCHA images to steal credit card data. Attackers employ search engine optimization (SEO) tactics to drive victims to malicious PDFs, which lead them through a fake CAPTCHA […]
Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution
Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution Google has rolled out an urgent security update for its Chrome browser, patching three vulnerabilities including two critical heap buffer overflow flaws that could enable attackers to execute arbitrary code and seize control of affected systems. The update (version 133.0.6943.126/.127 for Windows/Mac and 133.0.6943.126 for Linux) follows […]
Orion Hackers Ransomware, LockBit 3.0 (LockBit Black)
Orion Hackers Ransomware, LockBit 3.0 (LockBit Black) Orion Hackers is a malicious software variant derived from the LockBit 3.0 (LockBit Black) ransomware. It is designed to encrypt data and extort victims by demanding payment for decryption. It propagates via phishing, software vulnerabilities and malicious downloads, making recovery challenging without backups. Paying the ransom does not […]
AWS Exploited by A New “whoAMI” Attack
AWS Exploited by A New “whoAMI” Attack In February 2025, cybersecurity researchers found out attack vector termed “whoAMI” which exploits misconfigurations in the retrieval of Amazon Machine Images (AMIs) within Amazon Web Services (AWS) environments. This attack leverages a name confusion vulnerability Enabling malicious actors to gain unauthorized code execution privileges within targeted AWS accounts. […]
Lazarus Group Deploys Sophisticated Infostealer Malware
Lazarus Group Deploys Sophisticated Infostealer Malware North Korea’s Lazarus Group is targeting software developers and IT experts through an advanced infostealer malware campaign. Utilizing malicious Python scripts, fake job interviews, and social engineering, they steal sensitive data and establish persistent access to systems. The malware incorporates multiple layers of encoding and evasion techniques, ultimately delivering […]
Microsoft Releases Fixes for 63 Flaws and Two Actively Used Zero-Day Vulnerabilities
Microsoft Releases Fixes for 63 Flaws and Two Actively Used Zero-Day Vulnerabilities On February 11th, 2025, Microsoft released a new security update that aims to fix total of 63 security risks, and two zero-day vulnerabilities that are being exploited. Of the 63 identified vulnerabilities, three are classified as critical, 57 are deemed important, and one […]
Ivanti Addresses Critical Vulnerabilities Affecting Several Products
Ivanti Addresses Critical Vulnerabilities Affecting Several Products Ivanti has disclosed critical vulnerabilities in its Connect Secure, Policy Secure, Secure Access Client and Cloud Services Application products. These flaws could enable remote code execution, unauthorized data access and system compromise. The most severe issues include stack-based buffer overflows and OS command injection vulnerabilities. Ivanti strongly advises […]