A critical unauthenticated SQL injection vulnerability has been discovered in the WordPress Paid Membership Subscriptions plugin, affecting versions up to 2.15.1. It allows unauthenticated attackers to inject malicious SQL queries into the database.

The Pennsylvania Office of Attorney General (OAG) experienced a ransomware attack in August 2025, leading to significant operational disruptions. The attack forced the OAG’s servers offline, impacting both civil and criminal court proceedings.

WhatsApp has patched a critical zero-day, zero-click vulnerability (CVE-2025-55177) that was exploited in a sophisticated spyware campaign. It is a flaw in WhatsApp’s handling of linked device synchronization messages due to incomplete authorization.

A series of cyberattacks against government organizations in Central Asia and the Asia-Pacific has been linked to a threat cluster known as ShadowSilk, according to new research by Group-IB.

A former software developer has been sentenced to four years in prison for deploying malicious code within the network of his US-based employer, causing widespread disruption and financial losses.

The breach, claimed by the Warlock ransomware group, exposed data of approximately 850,000 customers, including SIM card numbers and PUK codes—critical elements that can be exploited to hijack mobile identities and bypass MFA protections.

TPG Telecom confirmed the following data was compromised: - 280,000 active iiNet email addresses - 20,000 active iiNet landline phone numbers - 10,000 iiNet usernames, street addresses, and phone numbers - 1,700 modem setup passwords

On August 14, the telecommunications giant publicly confirmed that an internal system was breached. Although this system was disconnected from its customer-facing infrastructure, the company has taken some systems offline in respond to the incident.

A sophisticated wave of fraudulent “AI-powered” trading platforms is targeting global investors using deepfake technology and coordinated online deception. These exploit artificial intelligence to impersonate public figures and fabricate credibility.

The most common initial access vectors included: VPN accounts – 23.5% Domain user accounts – 19.9% Remote Desktop Protocol (RDP) – 16.7% Such access enables threat actors to perform lateral movement, defense evasion, and data exfiltration.