All new extensions will be required to declare their data collection practices in their manifest file using a specific key.
The post New Firefox Extensions Required to Disclose Data Collection Practices appeared first on SecurityWeek.
Category Added in a WPeMatico Campaign
Year-Old WordPress Plugin Flaws Exploited to Hack Websites
Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced.
The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.
Ransomware Payments Dropped in Q3 2025: Analysis
Coveware has attributed the drop to large enterprises increasingly refusing to pay up and smaller amounts paid by mid-market firms.
The post Ransomware Payments Dropped in Q3 2025: Analysis appeared first on SecurityWeek.
Chrome Zero-Day Exploitation Linked to Hacking Team Spyware
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks.
The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek.
$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal
WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution.
The post $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal appeared first on SecurityWeek.
OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks
Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox.
The post OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek.
Critical Windows Server WSUS Vulnerability Exploited in the Wild
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.
The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Hackers Target Perplexity Comet Browser Users
Shortly after the browser was launched, numerous fraudulent domains and fake applications were discovered.
The post Hackers Target Perplexity Comet Browser Users appeared first on SecurityWeek.
North Korean Hackers Aim at European Drone Companies
Lazarus has used fake job offers in attacks targeting companies developing UAV technology, for information theft.
The post North Korean Hackers Aim at European Drone Companies appeared first on SecurityWeek.
In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia
Other noteworthy stories that might have slipped under the radar: Everest group takes credit for Collins Aerospace hack, Maryland launches VDP, gamers targeted with red teaming tool and RAT.
The post In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia appeared first on SecurityWeek.