Google says 90 zero-days were exploited in attacks last year

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances.
SecurityWeek

Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

Cisco has fixed 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD appliances, including two critical-severity ...
IEEE

SQL Injection Attacks Targeting E-Commerce Web Applications: Causes, Consequences, and Prevention Strategies

Abstract: SQL Injections are a type of web application attack, although common, this type of attack was identified to be one of the biggest threats in the digital world and still has continuous growth ...
Microsoft

Analysis of active exploitation of SolarWinds Web Help Desk

The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk (WHD) instances to get an initial foothold and then ...
Redmond Magazine

Microsoft Warns of Active SolarWinds Web Help Desk Exploitation

Microsoft observed active exploitation of internet-exposed SolarWinds Web Help Desk vulnerabilities enabling lateral movement. Attackers abused legitimate tools, PowerShell, and RMM software to ...
Associated Press

AP’s cross-border reporting and high-impact visuals expose exploitation of Bangladeshi workers by Russian military

A single tip to Ukraine correspondent Samya Kullab sparked an international investigation that uncovered a disturbing pattern: Bangladeshi men promised civilian jobs in Russia were instead coerced ...
Infosecurity-magazine.com

SQL Injection Flaw Affects 40,000 WordPress Sites

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...
blockonomi

Vitalik Buterin Calls for “Sovereign Web” to Counter Corporate Digital Exploitation

Buterin defines “corposlop” as corporate systems blending sleek branding with unethical profit maximization. Bitcoin maximalists recognized corporate threats early but relied on government ...
Chicago Sun-Times

Popular gaming platform Roblox enabled sexual exploitation of 9-year-old Chicago-area boy, lawsuit claims

Why are we asking for donations? Why are we asking for donations? This site is free thanks to our community of supporters. Voluntary donations from readers like you keep our news accessible for ...
TechCrunch

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often ...
World Socialist Web Site

Abuse and exploitation endemic in Australia’s Pacific “guest worker” scheme

According to a report by the Australian Broadcasting Corporation (ABC) on December 5, an estimated 7,200 Pacific Islanders involved in Australia’s “guest worker” scheme have quit their employment over ...