A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution.
The post CISA Warns of CWP Vulnerability Exploited in the Wild appeared first on SecurityWeek.
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities in question are listed below –
The vulnerabilities in question are listed below –
CVE-2025-11371 (CVSS score: 7.5) – A vulnerability in files or directories accessible to
Hackers exploit WordPress plugin Post SMTP to hijack admin accounts
Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. […]
Apache OpenOffice disputes data breach claims by ransomware gang
The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. […]
Malicious Android apps on Google Play downloaded 42 million times
Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. […]
Microsoft removing Defender Application Guard from Office
Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. […]
A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces
The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025.
“Since its debut, the group’s Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators’
“Since its debut, the group’s Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators’
Data breach at major Swedish software supplier impacts 1.5 million
The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. […]
Media giant Nikkei reports data breach impacting 17,000 people
Japanese publishing giant Nikkei announced earlier today that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners. […]
Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks
Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux.
The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek.