Latest Cybersecurity News and Articles
03 December 2025
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild.
The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration.
It affects versions
03 December 2025
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in attacks targeting users in Brazil.
The latest wave is characterized by the attackers shifting from PowerShell to a Python-based variant that spreads the
03 December 2025
The startup will invest the funds in accelerating development of its second-generation fully homomorphic encryption (FHE) platforms.
The post Niobium Raises $23 Million for FHE Hardware Acceleration appeared first on SecurityWeek.
03 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 3, 2025 – Read the full story in IoT for all IoT for all reports that over the past decade, ransomware has evolved from a small-scale threat targeting personal computers into a
The post A Decade of Ransomware Chaos – How Much It Costs appeared first on Cybercrime Magazine.
03 December 2025
A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites.
The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.
03 December 2025
Arizona is the latest state to sue Temu and its parent company PDD Holdings over allegations that the Chinese online retailer is stealing customers’ data.
The post Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims appeared first on SecurityWeek.
03 December 2025
Veza Security was recently valued at more than $800 million after raising $108 million in Series D funding.
The post ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal appeared first on SecurityWeek.
03 December 2025
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country?
Those days are over.
Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don't need to be smart; they just need to subscribe to the right AI tool.
We are witnessing the industrialization of
03 December 2025
The University of Pennsylvania and the University of Phoenix confirm that they are victims of the recent Oracle EBS hacking campaign.
The post Penn and Phoenix Universities Disclose Data Breach After Oracle Hack appeared first on SecurityWeek.
03 December 2025
AWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event.
The post re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities appeared first on SecurityWeek.
03 December 2025
Windows now displays in the properties tab of LNK files critical information that could reveal malicious code.
The post Microsoft Silently Mitigated Exploited LNK Vulnerability appeared first on SecurityWeek.
03 December 2025
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mistake was assuming that effort alone could outmatch a new kind of tool.
Security professionals are facing a similar
03 December 2025
Online criminals foiled by National Cyber Security Centre’s Share and Defend service in partnership with industry.
03 December 2025
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections.
Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314), is a security scanner that's designed to parse Python pickle files and detect suspicious
03 December 2025
Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine.
The post Chrome 143 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
03 December 2025
Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool.
The Rust crate, named "evm-units," was uploaded to crates.io in mid-April 2025 by a user named "ablerust,"
02 December 2025
India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number.
To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat, and Signal that use an Indian mobile number for uniquely identifying their
02 December 2025
The cybersecurity startup will use the investment to accelerate product innovation and global expansion.
The post Zafran Security Raises $60 Million in Series C Funding appeared first on SecurityWeek.
02 December 2025
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.
For the first time, researchers managed
02 December 2025
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.
GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and harvest npm,