Conduent Discloses Data Breach Impacting 10.5 Million Individuals
October 30, 2025
A data breach at Conduent has exposed personal and medical information of over 10.5 million people through the MOVEit vulnerability,
Application Security
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
A data breach at Conduent has exposed personal and medical information of over 10.5 million people through the MOVEit vulnerability, underscoring the massive risks of ...
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates to prevent data exposure.
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
The Australian regulator alleges Microsoft misled 2.7 million consumers into Copilot-integrated Microsoft 365 plans by concealing a cheaper Classic tier, prompting legal action and potential ...
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Researchers discovered a prompt injection flaw in OpenAI’s ChatGPT Atlas browser that lets attackers manipulate its AI agent via malformed omnibox input. The bug exposes ...
Massive Gmail Data Breach Exposes 183 Million User Credentials
A massive Gmail breach exposed 183 million user credentials compiled by Synthient, prompting cybersecurity warnings about reused passwords and urging users to enable multi-factor authentication.
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
Malware built on the RedTiger red-teaming toolkit is actively stealing Discord tokens, browser credentials and crypto wallet data, enabling account takeover even after victims reset ...
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
Researchers uncovered a TCAP-layer SS7 bypass that lets attackers intercept SMS, reroute calls, manipulate billing, and track locations by embedding extended TCAP tags to evade ...
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
Meta has patched two low-risk WhatsApp flaws—CVE-2025-55177 and CVE-2025-30401—affecting desktop and mobile sync features. Both required user interaction and posed no remote code execution risk, ...
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
A new phishing technique called “CoPhish” exploits Microsoft Copilot Studio to deliver OAuth-based attacks through legitimate Microsoft domains. By embedding malicious login flows in Copilot ...
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
A global wave of remote code execution attacks is targeting outdated WordPress plugins, including GutenKit, Hunk Companion, and WP Ghost. Despite available patches, sluggish updates ...
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
October 30, 2025
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
October 29, 2025
The Australian regulator alleges Microsoft misled 2.7 million consumers into Copilot-integrated Microsoft 365 plans by concealing a cheaper Classic tier,
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
October 27, 2025
Researchers discovered a prompt injection flaw in OpenAI’s ChatGPT Atlas browser that lets attackers manipulate its AI agent via malformed
Massive Gmail Data Breach Exposes 183 Million User Credentials
October 27, 2025
A massive Gmail breach exposed 183 million user credentials compiled by Synthient, prompting cybersecurity warnings about reused passwords and urging
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
October 27, 2025
Malware built on the RedTiger red-teaming toolkit is actively stealing Discord tokens, browser credentials and crypto wallet data, enabling account
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
October 27, 2025
Researchers uncovered a TCAP-layer SS7 bypass that lets attackers intercept SMS, reroute calls, manipulate billing, and track locations by embedding
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
October 27, 2025
Meta has patched two low-risk WhatsApp flaws—CVE-2025-55177 and CVE-2025-30401—affecting desktop and mobile sync features. Both required user interaction and posed
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
October 27, 2025
A new phishing technique called “CoPhish” exploits Microsoft Copilot Studio to deliver OAuth-based attacks through legitimate Microsoft domains. By embedding
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
October 27, 2025
A global wave of remote code execution attacks is targeting outdated WordPress plugins, including GutenKit, Hunk Companion, and WP Ghost.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.