Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords.
The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.
Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords.
The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.
WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit.
The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek.
Qualys has disclosed two Linux vulnerabilities that can be chained for full root access, and CISA added a flaw to its KEV catalog.
The post Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation appeared first on SecurityWeek.
Google has released a Chrome 137 update to resolve two memory bugs in the browser’s V8 and Profiler components.
The post Chrome 137 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
GreyNoise warns of a spike in exploitation attempts targeting a two-year-old vulnerability in Zyxel firewalls.
The post Zyxel Firewall Vulnerability Again in Attacker Crosshairs appeared first on SecurityWeek.
CISA warns that a vulnerability impacting multiple discontinued TP-Link router models is exploited in the wild.
The post Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers appeared first on SecurityWeek.
A critical Langflow vulnerability tracked as CVE-2025-3248 has been exploited to ensnare devices in the Flodrix botnet.
The post Recent Langflow Vulnerability Exploited by Flodrix Botnet appeared first on SecurityWeek.
CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.
The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.
Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.
The post Exploited Vulnerability Impacts Over 80,000 Roundcube Servers appeared first on SecurityWeek.
CVE-2025-24016, a critical remote code execution vulnerability affecting Wazuh servers, has been exploited by Mirai botnets.
The post Mirai Botnets Exploiting Wazuh Security Platform Vulnerability appeared first on SecurityWeek.