Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system.
Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them.
1.

The Hacker News – ​Read More

Which Top Cybersecurity Role of 2024 Was Featured in 64,000+ Job Postings?

IT and security workforce management firm CyberSN surveyed job listings from 2022 to 2024. Yes, decreases in demand for some job titles may be related to AI.

Security | TechRepublic – ​Read More

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date.
“The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor’s browser,” c/side security analyst Himanshu

The Hacker News – ​Read More

NHS vendor Advanced to pay £3M fine following 2022 ransomware attack

NHS vendor Advanced will pay just over £3 million ($3.8 million) in fines for not implementing basic security measures before it suffered a ransomware attack in 2022, the U.K.’s data protection regulator has confirmed.  It’s half the fine that the Information Commissioner’s Office had initially sought in August 2024, when the data watchdog said it […]

Security News | TechCrunch – ​Read More

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below –

CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF

The Hacker News – ​Read More

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation.
SnapCenter is an enterprise-focused software that’s used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources.

The vulnerability, tracked as

The Hacker News – ​Read More

Internet Archive (Archive.org) Goes Down Following “Power Outage”

The Internet Archive (Archive.org), home to the Wayback Machine, is temporarily offline due to a reported power outage.…

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – ​Read More

British company Advanced fined £3m by privacy regulator over ransomware attack

A business that provides IT services to numerous healthcare providers in the United Kingdom has been fined about $4 million by the country’s privacy regulator over a ransomware attack in 2022.

The Record from Recorded Future News – ​Read More

Security Expert Troy Hunt Lured in by Mailchimp Phish

Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened.

darkreading – ​Read More

Mike Waltz Left His Venmo Friends List Public

A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo—until WIRED asked about it.

Security Latest – ​Read More