Vulnerabilities
-
Mass attacks exploit outdated GutenKit and Hunk Companion WordPress plugins
A mass exploitation campaign is targeting WordPress sites running outdated GutenKit and Hunk Companion plugins, leveraging three critical vulnerabilities that can lead to remote code execution; Wordfence said it blocked 8.7 million attack attempts over two days and urged administrators to update plugins and check for indicators of compromise.
-
Microsoft issues out-of-band fix for WSUS vulnerability CVE-2025-59287
Microsoft released an out-of-band cumulative update to address CVE-2025-59287, a critical WSUS deserialization vulnerability being exploited in the wild; admins should apply the patch or disable WSUS/block ports 8530 and 8531 until systems can be rebooted after updating.
-
Researchers find self‑propagating ‘GlassWorm’ targeting VS Code extensions using Solana for command control
Researchers have found a self‑spreading worm called GlassWorm that infects VS Code extensions on Open VSX and the Microsoft Marketplace, uses the Solana blockchain and Google Calendar for command control, and steals developer credentials and cryptocurrency assets.
-
Researchers warn spoofed AI sidebars can trick Atlas and Comet users into dangerous actions
Security researchers at SquareX say they can use a malicious browser extension to overlay a fake AI sidebar in Atlas and Comet, tricking users into phishing pages, OAuth theft of Gmail/Drive access, or running commands that install a reverse shell.
-
CISA Adds Critical Lanscope Endpoint Manager Flaw to KEV Catalog
CISA added CVE-2025-61932, a critical arbitrary-code vulnerability in Motex Lanscope Endpoint Manager, to its Known Exploited Vulnerabilities catalog and said it is being actively exploited; Motex has released patched versions and agencies are advised to remediate by Nov. 12, 2025.
-
BIND flaws could enable DNS cache poisoning; patches issued
BIND developers warned of two vulnerabilities, CVE-2025-40778 and CVE-2025-40780, that can enable DNS cache poisoning by allowing forged responses to be accepted; patches were released and operators are urged to apply them.
-
Hackers exploit critical SessionReaper flaw in Adobe Commerce, Sansec says
E-commerce security firm Sansec reported active exploitation of the critical SessionReaper flaw (CVE-2025-54236) in Adobe Commerce, blocking over 250 attempts and warning that a majority of stores remain unpatched.
-
High-severity parsing flaw in async-tar and forks could enable file overwrite and RCE
A boundary parsing flaw in async-tar and forks including tokio-tar, tracked as CVE-2025-62518 and dubbed TARmageddon, can allow nested TARs to be treated as outer entries and be used to overwrite files and enable remote code execution; users are advised to migrate to astral-tokio-tar v0.5.6.
-
TP-Link issues firmware updates for Omada gateways to fix four vulnerabilities, including two critical bugs
TP-Link released firmware updates for Omada gateway devices to fix four vulnerabilities, including two critical command injection flaws; users are advised to apply updates and verify device configurations.
-
Researchers Exploit 34 Zero‑Days on Opening Day of Pwn2Own Ireland 2025
On the opening day of Pwn2Own Ireland 2025 researchers exploited 34 zero‑day vulnerabilities and won $522,500 in prizes; Team DDOS earned $100,000 for chaining multiple flaws to compromise a QNAP router and NAS, and the Summoning Team led the leaderboard after day one.
