A critical security vulnerability in the popular Post SMTP WordPress plugin has left over 400,000 websites exposed to potential account takeover attacks, allowing even the lowest-privileged users to gain administrator access and achieve full site control.
The vulnerability, tracked as CVE-2025-24000, stems from broken...
A threat actor on a dark-web forum is advertising “full-stack” access to Airpay’s production environment alongside a trove of personally identifiable information (PII) and financial data.
Although Airpay has not yet confirmed the incident publicly, screenshots posted by the attacker and a detailed sales...
Tea, a women-only dating safety app that allows users to anonymously review and comment on men they've dated, has suffered a significant data breach exposing approximately 72,000 user images, including 13,000 sensitive selfies and photo identification documents submitted during account verification processes.
The incident,...
A significant data breach has exposed the browsing habits and personal information of users visiting illegal hacking forums.
On Friday, July 18, the team discovered an unsecured Elasticsearch database containing approximately 22 million web request records, with 95% of the traffic directed to Leakzone.net,...
Organizations about an active campaign targeting Microsoft SharePoint servers using a sophisticated exploit chain dubbed "ToolShell."
The attacks combine previously patched vulnerabilities with new zero-day exploits to achieve complete remote control of enterprise systems, prompting CISA to add the associated CVEs to its catalog...
A critical security vulnerability has been discovered in LG Innotek's LNV5110R camera model that could allow remote attackers to gain full administrative control of the devices.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on July 24, 2025, warning that the authentication...