Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks
More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. [...]
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. [...]
State Seeks Public Input on New Reporting Rules and Regulations for Water SectorNew York State has unveiled a comprehensive set of water and wastewater cybersecurity regulations aimed at bolstering defenses for the vulnerable critical infrastructure sector, in addition to a new competitive investment program to help modernize under-resourced entities.
Sean Plankey Dodges Election Security Questions in Senate Confirmation HearingSean Plankey, a former Energy Department and National Security Council cybersecurity official, faced tough questions from lawmakers about President Donald Trump's false claims of voting machine vulnerabilities and election fraud in the 2020 election during his Thursday confirmation hearing.
Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners
Sean Plankey Dodges Election Security Questions in Senate Confirmation HearingSean Plankey, a former Energy Department and National Security Council cybersecurity official, faced tough questions from lawmakers about President Donald Trump's false claims of voting machine vulnerabilities and election fraud in the 2020 election during his Thursday confirmation hearing.
Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco's Identity Services Engine (ISE) software since early July, weeks before the networking giant got around to issuing a fix.…
Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections
Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. [...]
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead
Microsoft said Chinese actor Storm-2603 is deploying Warlock ransomware following the exploitation of vulnerabilities in on-prem SharePoint systems
SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. [...]
A Chinese hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. [...]
Chinese threat actors have been feeding off the same Ivanti RCE vulnerabilities we've known about since last year, partly thanks to complications in patching.
Researchers Find Flaws in Tridium Niagara FrameworkVulnerabilities in Honeywell smart building middleware could allow hackers to manipulate physical systems or disable security alarms, warn security researchers. Hackers would already need access to the network. An attack would also depend on the Tridium Niagara customer not encrypting Syslog data.
US DOE among breached government agencies More than 400 organizations have been compromised in the Microsoft SharePoint attack, according to Eye Security, which initially sounded the alarm on the mass exploitation last Friday, even before Redmond confirmed the critical vulnerabilities.…
As crawlers and bots bog down websites in the era of AI, some researchers say that the solution for the Internet's most vulnerable websites is already here.
The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances
Threat actors are piling on the zero-day vulnerabilities in SharePoint, including at least three Chinese nation-state cyberespionage groups.
Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. [...]
Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. [...]