Over 4,500 exploitation attempts already blocked as attackers target critical flaw allowing password reset hijackingA severe security vulnerability in the Post SMTP WordPress plugin has left more than 400,000 websites exposed to potential account takeover attacks. The flaw, discovered in mid-October 2025, allows unauthenticated attackers to access password reset emails and gain administrative control of

Continue Reading

Ubiquiti Networks has disclosed and patched a critical security vulnerability in its UniFi Access application that could have allowed attackers to bypass authentication and gain unauthorized control over door access systems. If you’re running UniFi Access for physical security management, this is one update you don’t want to skip. In the Security Advisory Bulletin 056,

Continue Reading

The Dovecot team has issued a security advisory for a vulnerability affecting versions 2.4.0 and 2.4.1 of the popular open-source IMAP server. The flaw, identified as CVE-2025-30189, could allow unauthorized access to user accounts under specific configurations. The vulnerability, rated at 7.4 out of 10 on the Common Vulnerability Scoring System (CVSS), is categorized as

Continue Reading

Dell Technologies has issued multiple security advisories addressing critical vulnerabilities across several enterprise products, with fixes now available for systems ranging from cloud platforms to data protection appliances. Organizations using affected Dell products are urged to apply patches immediately to mitigate potential security risks. Two of the most severe advisories carry critical severity ratings, affecting

Continue Reading

A new high-severity vulnerability has been disclosed in Docker Compose, identified as a path traversal flaw in how the tool handles remote OCI (Open Container Initiative) artifacts. The issue, published under advisory GHSA-gv8h-7v7w-r22q, could allow attackers to overwrite arbitrary files on a host system running vulnerable versions of Docker Compose. The flaw was reported and

Continue Reading

Researchers at Check Point have exposed and helped dismantle a large-scale malware operation that exploited YouTube to distribute dangerous software. The campaign, active since at least 2021, used thousands of videos to trick users into downloading credential-stealing programs. The operation relied on a network of compromised and fake YouTube accounts working in coordination. Some uploaded

Continue Reading

TP-Link has issued a security advisory addressing two significant vulnerabilities affecting multiple Omada gateway models. Organizations using these devices should prioritize patching to mitigate potential security risks. While the vulnerabilities require adjacent network access and high-level privileges which limit the attack surface, the critical and high severity ratings reflect the serious nature of these flaws.

Continue Reading

October marks Cybersecurity Awareness Month, an important reminder to stay vigilant about online threats. As cybercriminals become increasingly sophisticated, one group that remains disproportionately targeted is older adults. In 2024, reports show that people aged 60 and above lost a staggering $4.8 billion to fraud, with many of these scams happening on digital platforms like

Continue Reading