Vulnerabilities
-
Critical authentication bypass in JobMonster WordPress theme exploited, users urged to patch
A critical authentication bypass (CVE-2025-5397) in the JobMonster WordPress theme is being actively targeted; Wordfence blocked multiple attempts. The flaw affects versions up to 4.8.1, requires social login to be enabled, and was fixed in version 4.8.2. Administrators should update or disable social login and enable two-factor authentication.
-
Google AI agent Big Sleep credited with finding five WebKit bugs in Safari; Apple issues patches
Apple credited Google’s AI agent Big Sleep with finding five WebKit vulnerabilities affecting Safari that could cause crashes or memory corruption; Apple issued patches in iOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1 and Safari 26.1 and urged users to update.
-
Malicious Open VSX extension delivers SleepyDuck RAT and uses Ethereum contract for fallback control
Researchers warned that a malicious Open VSX extension, juan-bianco.solidity-vlang, installs a SleepyDuck remote access trojan that uses an Ethereum smart contract and a fallback RPC mechanism to update its command-and-control details.
-
Microsoft finds SesameOp backdoor that uses OpenAI Assistants API for C2
Microsoft’s DART reported discovery of a custom .NET backdoor called SesameOp that uses the OpenAI Assistants API as a covert command-and-control channel; Microsoft shared its findings with OpenAI, which disabled a suspected API key, and the victim remains unnamed.
-
Researchers detail BankBot‑YNRK and DeliveryRAT Android trojans that steal credentials and payment data
Researchers say two Android trojans, BankBot‑YNRK and DeliveryRAT, have been observed harvesting credentials, payment and device data; reports from CYFIRMA and F6 detail targeted device checks, use of accessibility services, persistence mechanisms and distribution via fake apps and malware‑as‑a‑service.
-
Australia warns of ongoing BADCANDY attacks on unpatched Cisco IOS XE devices
The Australian Signals Directorate warned of ongoing attacks using a Lua-based web shell called BADCANDY that exploits CVE-2023-20198 in unpatched Cisco IOS XE devices, estimated to have affected about 400 devices in Australia since July 2025 and urging patching and hardening measures.
-
China-linked Tick group exploits Lanscope flaw to deploy Gokcpdoor backdoor
A critical Lanscope Endpoint Manager flaw (CVE-2025-61932, CVSS 9.3) has been exploited by the Tick espionage group to deploy a Gokcpdoor backdoor and other tooling, with JPCERT/CC confirming active abuse and researchers advising prompt patching and review of internet-exposed servers.
-
CISA adds VMware local privilege‑escalation zero-day to Known Exploited Vulnerabilities catalog
CISA added CVE-2025-41244, a high-severity VMware local privilege‑escalation flaw, to its Known Exploited Vulnerabilities catalog after reports of active exploitation. Broadcom-owned VMware has issued a patch, NVISO Labs reported zero-day use since October 2024, and federal agencies must apply mitigations by Nov. 20, 2025.
-
Researcher discloses ‘Brash’ flaw that can crash Chromium-based browsers by spamming tab title
A researcher has published details of ‘Brash’, a vulnerability in Chromium’s Blink engine that can crash Chromium-based browsers by rapidly updating the document.title field, causing massive DOM mutations and UI thread saturation.
-
Attackers exploit patched WSUS flaw to deploy infostealer on unpatched Windows servers
Attackers have been observed exploiting CVE-2025-59287 in WSUS to deploy an infostealer on unpatched Windows servers, exfiltrate data to webhook.site URLs and use follow-up tooling including Velociraptor and a UPX-packed Skuld Stealer; agencies and vendors are urging immediate patching and investigation.
