WordPress Sites Under Attack Due to Old Plugin Flaws in GutenKit and Hunk Companion
A large-scale hacking campaign is targeting WordPress websites that are still using outdated versions of the GutenKit and Hunk Companion plugins.
Bijay Pokharel,
October 25, 2025
2 min read
Hackers Are Actively Targeting Critical SessionReaper Bug in Adobe Commerce
Hackers are now actively exploiting a major security flaw known as SessionReaper, tracked as CVE-2025-54236, in Adobe Commerce platforms, previously called Magento.
Bijay Pokharel,
October 23, 2025
2 min read
Russian Hacker Group Star Blizzard Deploys New Robot Malware in Sophisticated Cyber-Espionage Campaigns
The Russian state-backed hacker group Star Blizzard, also known as ColdRiver, UNC4057, and Callisto, has intensified its cyber-espionage operations with new malware families that evolve rapidly to evade detection.
Bijay Pokharel,
October 22, 2025
3 min read
TP-Link Warns of Critical Command Injection Flaws in Omada Gateway Devices
TP-Link has issued an urgent security advisory warning users of multiple command injection vulnerabilities found in its Omada gateway devices.
Bijay Pokharel,
October 22, 2025
2 min read
China Accuses U.S. of Hacking National Time Center and Stealing Sensitive Data
China has accused the United States of conducting long-term cyberattacks on its National Time Service Center, claiming that the breaches could have endangered the country’s communication systems, financial networks, power grids, and even the international standard time.
Bijay Pokharel,
October 20, 2025
1 min read
Experian Netherlands Fined €2.7 Million for Misusing Personal Data Under GDPR
Experian Netherlands has been fined €2.7 million ($3.2 million) by the Dutch Data Protection Authority (AP) for multiple violations of the General Data Protection Regulation (GDPR).
Bijay Pokharel,
October 20, 2025
2 min read
Cybercriminals Using TikTok Videos to Spread Malware Disguised as Free Software Activation Guides
Cybercriminals are now using TikTok to trick users into downloading malware by pretending to share free activation guides for popular software like Windows, Spotify, and Netflix.
Bijay Pokharel,
October 20, 2025
2 min read
North Korean Hackers Use Blockchain Smart Contracts to Spread Malware and Steal Cryptocurrency
North Korean hackers have started using a new method called EtherHiding to hide and deliver malware through blockchain smart contracts.
Bijay Pokharel,
October 17, 2025
3 min read
Microsoft Disrupts Rhysida Ransomware Wave Targeting Teams Users
Microsoft has disrupted a surge of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign fake Microsoft Teams installers.
Bijay Pokharel,
October 17, 2025
2 min read
MANGO Alerts Customers of Data Breach After Marketing Vendor Hack
Spanish fashion retailer MANGO has begun notifying customers about a data breach involving one of its external marketing service providers.
Bijay Pokharel,
October 16, 2025
1 min read
College Student Sentenced to 4 Years for Massive PowerSchool Cyberattack
A 19-year-old college student, Matthew D. Lane from Worcester, Massachusetts, has been sentenced to four years in prison for orchestrating a major cyberattack on PowerSchool in December 2024 that led to a massive data breach.
Bijay Pokharel,
October 16, 2025
1 min read
UK Fines Capita £14 Million for 2023 Data Breach Affecting 6.6 Million People
The UK’s Information Commissioner’s Office (ICO) has fined Capita £14 million ($18.7 million) for a 2023 data breach that exposed the personal information of around 6.6 million people.
Bijay Pokharel,
October 16, 2025
1 min read
U.S. Seizes $15 Billion in Bitcoin Linked to Massive Prince Group Crypto Scam
The U.S. Department of Justice has seized $15 billion worth of bitcoin from the leader of the Prince Group, a massive criminal network accused of running large-scale cryptocurrency investment scams, often known as “romance baiting” or “pig butchering.”
Bijay Pokharel,
October 15, 2025
2 min read
Oracle Quietly Fixes Actively Exploited E-Business Suite Vulnerability After Exploit Leak
Oracle has quietly released an out-of-band update that fixes a critical vulnerability in Oracle E-Business Suite tracked as CVE 2025 61884 after a proof of concept exploit was leaked by the ShinyHunters extortion group.
Bijay Pokharel,
October 15, 2025
2 min read
Chinese Hackers Exploit ArcGIS Tool to Stay Hidden for Over a Year
Chinese state-sponsored hackers reportedly went undetected for more than a year by turning a legitimate ArcGIS component into a stealthy web shell, allowing deep access to targeted systems.
Bijay Pokharel,
October 15, 2025
2 min read
5CA Denies Breach After Discord Data Leak Involving 70,000 ID Photos
5CA, a customer service company that works with Discord, has denied being the source of a recent data breach that may have exposed 70,000 users’ government ID photos.
Bijay Pokharel,
October 15, 2025
2 min read
Microsoft Restricts Internet Explorer Mode in Edge After Zero-Day Exploit Found
Microsoft has restricted access to Internet Explorer (IE) mode in its Edge browser after discovering that hackers were exploiting zero-day vulnerabilities in the Chakra JavaScript engine to gain control of users’ devices.
Bijay Pokharel,
October 14, 2025
2 min read
Harvard University Investigates Possible Data Breach After Clop Ransomware Claim
Harvard investigates Clop ransomware claim exploiting Oracle E-Business Suite zero-day with patch applied and limited impact reported
Bijay Pokharel,
October 13, 2025
2 min read
Qantas Confirms Customer Data Leaked After Major Cyber Breach
Qantas Airways has confirmed that customer data stolen during a major cyberattack in July has now been published online by cybercriminals.
Bijay Pokharel,
October 13, 2025
1 min read
FBI Seizes BreachForums Domain Used by ShinyHunters in Salesforce Data Leak Extortion Scheme
The FBI and French authorities have seized the BreachForums domain used by the ShinyHunters group in Salesforce data leak extortion attacks, gaining access to forum databases and backend servers.
Bijay Pokharel,
October 11, 2025
2 min read





