Vulnerability ManagementCloudflare, Gh0stRAT, npm, North Koreans, Arch, Steam, Documentaries, Aaran Leyland.. – SWN #530November 18, 2025Cloudflare, Gh0stRAT, npm, North Korean Employees, Arch Linux Steam Machine, Documentaries, Aaran Leyland, and more on the Security Weekly News.
Application securityHackers actively exploiting year-old flaws in WordPress plug-insSteve ZurierOctober 28, 2025Vulnerabilities in GutenKit and Hunk Companion plug-ins could lead to remote code execution (RCE).
Vulnerability ManagementPython-socket.io module flaw lets attackers access business serversSteve ZurierOctober 27, 2025Security pros say teams that build apps in python-socket.io should patch right away.
Application securityWhen yesterday’s code becomes today’s threatBrian TrzupekOctober 21, 2025New npm supply chain attack exposes risks of outdated dependencies, highlighting need for real-time code risk alerts.
RansomwareNew Astaroth banking trojan leverages GitHub reposSteve ZurierOctober 13, 2025Malware uses public GitHub repos to store configuration files and redirection instructions.
DevSecOpsAlleged Huawei hack exposes internal source codeSC StaffOctober 9, 2025Cybernews reports that Huawei, the world's leading telecommunications equipment maker, had its data purportedly stolen and peddled on a hacking forum.
Application securityAttackers exploit XXS flaw in Zimbra Collaboration SuiteSteve ZurierOctober 7, 2025The attack leveraged a malicious iCalendar invite over Zimbra email.
Application securityCritical 9.9 Redis vulnerability enables remote code executionLaura FrenchOctober 6, 2025Crafted Lua scripts could be used to trigger a use-after-free flaw in affected instances.