Risk
-
Critical privilege-escalation flaw in King Addons plugin under active exploitation
A high-severity privilege-escalation vulnerability (CVE-2025-8489, CVSS 9.8) in the King Addons for Elementor WordPress plugin is being actively exploited; administrators should update to version 51.1.35, audit for suspicious admin users, and monitor for unusual activity.
-
Water Saci campaign in Brazil uses WhatsApp worm, HTA and Python to deliver banking trojan; RelayNFC Android malware also active
Researchers say the Water Saci group has adopted a layered HTA/PDF/WhatsApp Web worm and a Python-based propagation script to deliver an AutoIt-backed banking trojan in Brazil, while a separate RelayNFC Android threat targets contactless payments.
-
University of Phoenix discloses data breach after Oracle E-Business Suite exploit
The University of Phoenix disclosed a data breach after attackers exploited a zero-day flaw in Oracle E-Business Suite, saying personal and financial records for students, staff and suppliers were accessed; the parent company filed an 8-K and affected individuals will be notified by mail.
-
Three critical bugs in Picklescan could let malicious PyTorch models execute code, researchers say
Researchers disclosed three high-severity vulnerabilities in Picklescan that can be abused to bypass scanning and execute arbitrary code when loading malicious PyTorch models; fixes were released in Picklescan 0.0.31 and related analysis is available from JFrog, SecDim and others.
-
Kensington and Chelsea says data was copied during London councils IT outage
Kensington and Chelsea Council said evidence shows some data was copied and removed during a recent cyber incident affecting a shared IT environment used by three London councils. The authority has not specified what was taken, who is affected or how long attackers had access, and investigations by the NCSC and the Metropolitan Police are…
-
Researchers expose North Korean scheme to rent engineer identities for remote jobs
Security researchers say North Korean recruiters tied to Famous Chollima have been soliciting software engineers to rent their identities, using stolen identities, deepfakes and remote access to secure jobs at Western firms and route activity through compromised machines.
-
Calendly-themed phishing campaign spoofs top brands to hijack ad manager accounts
Security researchers found a targeted phishing campaign using fake Calendly invites and brand impersonation to steal Google Workspace and Facebook business credentials and seize advertising manager accounts for malvertising and other attacks.
-
Iran-linked MuddyWater group deploys MuddyViper backdoor against Israeli targets
Researchers say Iranian-linked MuddyWater has used a new MuddyViper backdoor, delivered via a Fooder loader, to target Israeli organisations across multiple sectors and to harvest credentials and browser data.
-
Google issues December Android security updates, patches 107 flaws including two exploited in the wild
Google released December 2025 Android security patches that fix 107 vulnerabilities across multiple components, including two Framework flaws reported as exploited in the wild; users and manufacturers are urged to apply the 2025-12-01 or 2025-12-05 updates.
-
Long-running ‘ShadyPanda’ campaign amassed more than 4.3 million browser extension installs, researchers say
Researchers say the ShadyPanda campaign turned hundreds of browser extensions into spyware and backdoors, accumulating more than 4.3 million installs across Chrome and Edge and exfiltrating browsing data to multiple domains.
