OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
“The

The Hacker News – ​Read More

Nakasone on Cyber Command, NSA firings and the future of the ‘dual-hat’ relationship

Nakasone said he didn’t know “what really occurred” and has not spoken to either Haugh or Noble since the presidential decisions were made, but he lauded both of them as “extraordinary leaders.”

The Record from Recorded Future News – ​Read More

Zero-Day in CentreStack File Sharing Platform Under Attack

Gladinet’s platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.

darkreading – ​Read More

US to sign Pall Mall pact aimed at countering spyware abuses

The U.S. plans to sign an international agreement designed to govern the use of commercial spyware, the State Department said Thursday.

The Record from Recorded Future News – ​Read More

npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers

ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

AuthZEN Aims to Harmonize Fractured Authorization Controls

Managing permissions and authorizations across dozens or hundreds of cloud services and platforms poses significant headaches for companies. An open specification aims to change that.

darkreading – ​Read More

Writer unveils ‘AI HQ’ platform, betting on agents to transform enterprise work


Writer unveils AI HQ platform to transform enterprise work with autonomous agents that execute complex workflows across systems, potentially reducing workforce needs while delivering measurable ROI on AI investments.Read More

Security News | VentureBeat – ​Read More

Open Source Poisoned Patches Infect Local Software

Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering “patches” for locally installed programs.

darkreading – ​Read More

Google Eyes User Browsing Data Search in New Patent Filing

Tech giant Google may soon help users find content they’ve previously seen, not by searching the web but by scanning their own digital history.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More