A critical vulnerability in the User Registration & Membership plugin for WordPress is being actively exploited. This flaw allows attackers to create administrator accounts without authentication, affecting over 60,000 sites.

A Chinese state-sponsored threat actor, UAT-9244, has been identified targeting telecommunications providers in South America with a sophisticated malware toolkit. This group is associated with the FamousSparrow and Tropic Trooper groups.

APT36, a Pakistan-linked hacking group, is targeting Indian government networks with AI-generated malware known as "Vibeware." This strategy involves overwhelming security systems with numerous low-quality malware samples.

Passaic County, New Jersey, is dealing with a significant malware attack that has disrupted its phone lines and IT systems. This incident is part of a broader trend of cyberattacks targeting smaller municipalities and healthcare institutions.

A self-propagating JavaScript worm has impacted Wikipedia, vandalizing pages and modifying user scripts. Wikimedia engineers responded by temporarily restricting editing to investigate and mitigate the attack.

The Children's Council of San Francisco has notified 12,655 individuals of a data breach that compromised names and Social Security numbers. The breach, claimed by the ransomware group SafePay, occurred on August 3, 2025.

LastPass users are being targeted by a sophisticated phishing campaign that uses spoofed security alerts to steal master passwords. The campaign involves fake email threads and display name spoofing to deceive users into revealing their credentials.

The "BadPaw" malware campaign targets Ukraine, leveraging a Ukrainian email service to enhance credibility. The attack involves a decoy document referencing a Ukrainian government border crossing appeal.

A threat actor has launched an extortion campaign targeting patrons of restaurants using the HungerRush POS platform. The attacker claims to have access to sensitive customer data and demands a response from HungerRush to prevent data exposure.

Security researchers from Huntress, Jai Minton, and Ryan Dowd, identified malicious GitHub repositories exploiting Bing AI search results to distribute information stealers and GhostSocks malware.