Latest news as of 2/18/2026, 11:10:29 PM
Bleeping Computer
The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor. [...]
The Register
Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal. Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP Server on July 1, just one day after its public disclosure.…
Dark Reading
Cyber-insurance premiums continue to decline from their explosive growth from 2020 to 2022, but coverage is more important than ever to manage risks, experts say.
Bleeping Computer
NVIDIA is warning users to activate the System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. [...]
The Hacker News
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in
Bleeping Computer
Learn how one overlooked flaw in OpenVSX discovered by Koi Security could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. [...]
Bleeping Computer
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. [...]
Graham Cluley
A Russian professional basketball player has been arrested for allegedly acting as a negotiator for a ransomware gang... and despite his lawyer claiming he's "useless" with computers. Read more in my article on the Hot for Security blog.
Dark Reading
As financial institutions continue to embrace digital transformation, their success will depend on their ability to establish and maintain robust and responsible cybersecurity practices.
Dark Reading
Privacy experts say Google's quiet policy update on digital fingerprinting opens the door to deeper surveillance, discrimination, and data misuse—while the company insists nothing has changed. Digital fingerprinting eliminates the user's ability to opt out of data collection, and could expose users to increased surveillance, identity theft, and discriminatory practices.