Q1 2025: 159 Vulnerabilities Exploited in the Wild – Is Your Firm Still Behind on Patching? Threat-intelligence analysts have counted 159 distinct CVEs actively exploited in the wild during Q1 2025—a 28 percent rise on the same period last year. Nearly half of the in-use flaws date from 2023 or earlier, confirming that organisations still […]
How Small Vulnerabilities Trigger Big Breaches – Five Lessons from the Front Line A research team from Intruder dissected five real-world security incidents to show how seemingly “low-risk” flaws can snowball into full-scale breaches: 1. SSRF → AWS credential theft – an application followed a 302 redirect to the EC2 metadata service, leaking cloud keys. […]
Phishers Use Real-Time Checks to Outsmart Security Measures According to the report, cybercriminals have begun using real-time checks within phishing campaigns to determine whether a victim’s system or browser is under active security inspection. By performing quick, automated lookups in the moment a user clicks a malicious link, attackers can decide whether to serve genuine […]
Fortinet Cautions Users: Attackers Staying Hidden in Networks Despite Patches Fortinet has issued a warning that cybercriminals continue to lurk in networks even after organisations have patched known vulnerabilities in Fortinet products. Attackers who exploited older flaws have managed to maintain persistence by using compromised credentials, backdoor accounts, or hidden footholds. Although many organisations patched […]
PipeMagic Trojan Exploits Windows CLFS for Stealth Attacks A newly identified PipeMagic trojan exploits the Common Log File System (CLFS) in Windows to launch sophisticated attacks. Security researchers observed the malware injecting itself into system processes using a previously undocumented technique related to Windows’ CLFS driver. This stealthy approach helps bypass many endpoint defences, allowing […]
WordPress Sites Under Threat from Stealthy MU Plugins Cybercriminals are exploiting WordPress MU plugins (commonly known as “must-use” plugins) to maintain persistent access to WordPress sites. By disguising their backdoors or malicious scripts as MU plugins, attackers can evade standard plugin checks and remain undetected. These sneaky plugins load automatically whenever WordPress runs, making it […]
The Top Three MS Office Exploits Hackers Are Using Right Now Recent findings highlight the top three Microsoft Office exploits that cybercriminals are frequently using in real-world attacks. These include flaws in macro-enabled documents, malicious embedded objects, and privilege escalation vulnerabilities—often leveraged via phishing emails or booby-trapped Office files. Attackers exploit users’ trust in familiar […]
10 Critical Network Penetration Test Findings Every Organisation Should Know The article highlights the 10 most common and critical findings from network penetration tests, illustrating how weaknesses in infrastructure, misconfigurations, and unpatched systems can expose organisations to serious threats. It starts by stressing the importance of regular pentesting and quickly dives into each finding: Ensuring […]
Researchers Reveal 46 Critical Security Vulnerabilities in Embedded Systems Researchers have identified 46 critical vulnerabilities affecting a range of embedded systems, including IoT devices and other networked hardware. These flaws pose significant risks, as attackers could potentially exploit them to gain remote access, disrupt operations, or exfiltrate sensitive data. The vulnerabilities affect multiple vendors, some […]
