Latest news as of 7/22/2025, 8:17:40 AM
The Hacker News
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social
Graham Cluley
Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world's hotspot for scam call centres? And can a WhatsApp image really drain your bank account with a single download, or is it just a load of hacker hokum? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Allan Liska.
The Register
Knickers outlet knackered Underwear retailer Victoria's Secret’s website has been down for three days, with the company blaming an unspecified security problem.…
The Register
The financial sector is adept at balancing risk and opportunity. Adversarial AI is its next big challenge From the use of ATMs to online banking, the financial services sector has always been at the forefront of technology. Now, it's leading the charge in AI. In their third annual survey of financial institutions the Bank of England and Financial Conduct Authority 75% of companies already using AI with another 10% planning to do so over the next three years.… Partner content found
Bleeping Computer
Microsoft has released the optional KB5058481 preview cumulative update for Windows 10 22H2 with seven changes, including restoring seconds to the time display in the calendar flyout for those who previously lost it. [...]
Bleeping Computer
Microsoft has released the KB5058499 preview cumulative update for Windows 11 24H2 with forty-eight new features or changes, with many gradually rolling out, such as the new Windows Share feature and tje Click to Do Preview. [...]
Bleeping Computer
The Chinese APT41 hacking group uses a new malware named 'ToughProgress' that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. [...]
Dark Reading
Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.
Bleeping Computer
A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. [...]
The Register
Data analytics and risk management biz says software dev platform breached, not itself LexisNexis Risk Solutions (LNRS) is the latest big-name organization to disclose a serious cyberattack leading to data theft, with the number of affected individuals pegged at 364,333.…