Security & IT News

Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations," Grafana said in a series of

A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that "no product changes were made," despite the researcher documenting a silent fix. [...]

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. It

The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. [...]

Explore AI voice cloning technology, leading companies, real-world uses, ethical risks, and future trends shaping synthetic voices.

Critical Claw Chain vulnerabilities in OpenClaw expose thousands of AI servers to data theft, backdoors, and admin-level attacks globally this week. .

Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential.

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]

Weaponizing a text editor for fun and profit Gather round, dear readers, because today, we (by we, we mean @h00die) dropped the ultimate persistence mechanism: Vim plugin persistence. And honestly, calling it "persistence" feels redundant — Vim is already the most persistent thing ever. Somewhere, somehow, there will still be a Vim session open since 2011, because no one has figured out how to close it. So we are not so much establishing a foothold here as we are joining an existing hostage situation. Elsewhere this week, Marvell's QConvergeConsole has been caught handing arbitrary files to unauthenticated visitors, as is tradition (CVE-2025-6793), GestioIP 3.5.7 ships an upload handler, so trusting it will cheerfully let an admin overwrite the handler with a backdoor and then dutifully execute it (CVE-2024-48760). And of course, we can't forget about Dolibarr ERP/CRM, which blocks PHP injections by checking — and we cannot stress this enough — by searching for string ?php. So @M4nu02 brought an elaborate module which changes ?php to ?PHP in the payload to successfully bypass this mitigation (CVE-2023-30253). Truly a wonderful time to be alive. New module content (4) Marvell QConvergeConsole Path Traversal (CVE-2025-6793) Authors: Michael Heinzl and rgod Type: Auxiliary Pull request: #21322 contributed by h4x-x0r Path: gather/qconvergeconsole_traversal CVE reference: ZDI-25-450 Description: This adds a new auxiliary module that exploits a path traversal vulnerability (CVE-2025-6793) in Marvell QConvergeConsole to read arbitrary files from the target host. Marvell QConvergeConsole versions 5.5.0.85 and earlier are vulnerable, and no authentication is required to exploit the issue. VIM Plugin Persistence Author: h00die Type: Exploit Pull request: #21206 contributed by h00die Path: linux/persistence/vim_plugin Description: This adds a new Linux persistence module, which establishes persistence by writing a Vim plugin to the target user's ~/.vim/plugin/ directory. The next time that user launches Vim, the plugin executes the configured payload and opens a new session as that user. GestioIP 3.5.7 Remote Command Execution Authors: maxibelino and odeez24 Type: Exploit Pull request: #21041 contributed by Odeez24 Path: multi/http/gestioip_rce AttackerKB reference: CVE-2024-48760 Description: This adds an exploit module for an authenticated remote code execution vulnerability in GestioIP 3.5.7 (CVE-2024-48760). An attacker with admin credentials can abuse the unsafe upload handler at /api/upload.cgi to overwrite the script itself with a backdoor, which is then invoked to execute attacker-supplied commands. Dolibarr ERP/CRM Authenticated Code Injection Authors: Emanuele Cervelli and Tinexta Cyber Offensive Security Team Type: Exploit Pull request: #21362 contributed by M4nu02 Path: unix/http/dolibarr_cms_rce_cve_2023_30253 AttackerKB reference: CVE-2023-30253 Description: This adds a new exploit module for Dolibarr ERP/CRM (CVE-2023-30253), an authenticated

The tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers' data without a password.

​During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. [...]

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. [...]

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia's Federal Security Service (FSB)

Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads.

Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. [...]

While the summit appeared cordial, China remains a key adversary of the United States, given its advanced intelligence and espionage capabilities.

Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design." [...]

A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research

Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. [...]