Popular WordPress plugin Gravity Forms compromised in supply-chain attack.

The popular WordPress plugin Gravity Forms has been compromised in a supply-chain attack. For a brief window in July 2025, attackers managed to infect the manual installer packages available for download from the official Gravity Forms website with a backdoor. The incident affected only manual downloads and Composer installations; automatic updates and installations performed through the built-in plugin updater were not affected.

Force Push Scanner technique uncovers thousands of sensitive credentials and tokens in GitHub repositories.

White-hat researchers have recently exploited the Force Push Scanner technique to uncover thousands of active secrets in GitHub repositories. Security researcher Sharon Brizinov used the tool to scan "deleted" (dangling) commits and discovered a trove of sensitive credentials, including admin access tokens for major projects like Istio.

Alarm sounded over a critical vulnerability in Wing FTP Server (CVE-2025-47812) that is currently being exploited in the wild.

Security researchers and threat intelligence teams are sounding the alarm over a critical vulnerability in Wing FTP Server, tracked as CVE-2025-47812, which is currently being exploited in the wild. The flaw, which affects all versions up to and including 7.4.3, enables remote attackers to execute arbitrary code on vulnerable servers, potentially leading to full system compromise.

Google dusts off its hands. Its job is done. For the first time in nearly a decade, there will be no monthly security update for Android.

In a notable departure from nearly a decade of routine, July 2025 marks the first month since August 2015 that Google has not released any security updates for Android devices. This pause in the monthly update cycle is unprecedented and has drawn attention from both industry experts and the broader Android community.

China’s Tencent is trying to shut down online archives of content censored from WeChat.

Tencent, the technology conglomerate behind China’s ubiquitous WeChat platform, is facing criticism from digital rights advocates after allegedly pressuring the shutdown of FreeWeChat.com—a prominent online archive dedicated to preserving content censored from WeChat. The incident has sparked debate about the use of legal tactics to suppress independent documentation of digital censorship in China.

The first practical demonstration (POC) confirms that Rowhammer-style memory attacks can effectively target GPU memory. NVIDIA, meet GPUHammer.

A study from the University of Toronto has revealed that modern graphics processing units (GPUs) are susceptible to Rowhammer-style memory attacks, challenging long-held assumptions about the security of GPU memory. The attack, named GPUHammer, represents the first practical demonstration of a Rowhammer exploit targeting high-performance, discrete GPUs, specifically those utilizing GDDR6 memory.

Researchers say critical flaws enable malicious actors to hijack smartphone accounts through SIM swap attacks.

A significant security vulnerability affecting embedded Subscriber Identity Module (eSIM) technology has come to light, placing millions of mobile devices at risk of espionage and unauthorized account access. Security researchers have identified critical flaws in the provisioning and management of eSIMs, which could allow malicious actors to intercept communications, perform SIM swap attacks, and gain control over user accounts.