Wordfence is raising the alarm about a large-scale malware campaign in which attackers are exploiting critical vulnerabilities in the popular WordPress plugins GutenKit and Hunk Companion . The company blocked 8.7 million such attack attempts against its customers in just two days. Hackers are exploiting three critical vulnerabilities (9.8 on the CVS19 security scale): CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972. All of these vulnerabilities allow remote code execution on vulnerable websites. CVE-2024-9234 affects the GutenKit plugin, which has 40,000 active installations . The vulnerability is related to an unauthenticated REST endpoint and allows the installation of arbitrary plugins without authentication. The issue affects GutenKit

Attackers are using an advanced phishing technique, known as CoPhish, that leverages Microsoft Copilot Studio to trick users into granting unauthorized access to their Microsoft Sign In ID accounts. A recent report details the attack and highlights how, despite Microsoft’s efforts to strengthen its consent policies, significant vulnerabilities remain in cloud-based AI tools. The growing adoption of tools like Copilot by organizations highlights the need for careful oversight of low-code platforms . In this space, user-configurable features designed to boost productivity can inadvertently facilitate phishing. This attack, discovered by researchers at Datadog Security Labs , uses customizable AI agents hosted on legitimate

Oracle has released its new quarterly security update, the October 2025 Critical Patch Update , which addresses 374 vulnerabilities identified in numerous Oracle products. This is one of the largest patches in recent years, with fixes spanning databases, middleware, enterprise applications, and communications systems. As always, Oracle recommends that customers apply patches without delay, as many of the fixed vulnerabilities can be exploited remotely, even without authentication. This makes the update particularly urgent for all organizations using Oracle infrastructure in critical environments. An update that affects much of the Oracle ecosystem The October bulletin covers a long list of products, including: In

Researchers at Koi Security have detected a supply chain attack using OpenVSX and the Visual Studio Code Marketplace . Criminal hackers are distributing self-replicating malware called GlassWorm, which has already been installed approximately 35,800 times. Experts have discovered at least eleven GlassWorm -infected extensions in OpenVSX and one in the Visual Studio Code Marketplace: The malware hides its malicious code using invisible Unicode characters. Furthermore, GlassWorm has worm-like functionality and can spread independently: using the victim’s stolen credentials, it infects other extensions the victim has access to. The attackers use the Solana blockchain to control their botnet, using Google Calendar as a

A Zero Salarium specialist has presented a method that temporarily disables antivirus processes and EDR agents on Windows using built-in system tools. The article details the concept and operational tool, EDR-Freeze , a way to specifically kill monitoring processes without installing additional vulnerable drivers , based on the behavior of native operating system components and race conditions between processes. The trick is that MiniDumpWriteDump forcibly suspends all threads of the target process while taking a snapshot, and the associated process that triggered the dump is responsible for resuming it. The research demonstrates how to force WerFaultSecure to run with protected process privileges

Sophos recently announced the fixes for five independent security vulnerabilities found in its firewalls, some critical and others high and medium. The vulnerabilities have been fixed via automatically distributed hotfixes, without requiring customers to take action, provided that the “Allow automatic installation of hotfixes” option is enabled, which is enabled by default in affected versions. Among the fixed vulnerabilities, two critical flaws stand out: the first (CVE-2025-6704) involves arbitrary file writing in the Secure PDF eXchange (SPX) feature, which could allow remote code execution before authentication in certain configurations in High Availability (HA) mode. The second (CVE-2025-7624) is a SQL injection in

A security bug, also known as a computer security bug, is a type of error or flaw in software that can be exploited by an attacker to compromise the security of a computer system. These bugs can be caused by a variety of factors, including programming errors, system design or configuration issues, security vulnerabilities in third-party libraries or other software used by the system, and so on. In some cases, security bugs can also be introduced during software maintenance, such as through the application of inadequately tested patches or security updates. Security bugs can be exploited by an attacker in a variety