A critical command-injection bug in ICTBroadcast (an autodialer / call-center platform) — tracked as CVE-2025-2611 (CVSS ~9.3) — is being actively exploited in the wild. Researchers observed attackers using specially crafted HTTP requests that abuse unsafe handling of a session cookie (the BROADCAST cookie) to execute shell commands on exposed servers. Intelligence firms report ~200 internet-facing ICTBroadcast instances appear exposed, with attackers following a two-stage pattern (time-based probe, then attempts to establish reverse shells). Defenders must treat any exposed ICTBroadcast host as high risk and apply containment and remediation steps immediately.

If your WordPress site got hacked, every minute counts. One compromised admin account or a hidden backdoor can mean stolen data, ruined SEO, lost revenue and a long, expensive recovery. This guide is a no-fluff, step-by-step emergency playbook designed to move you from panic to containment, cleanup and long-term recovery — fast.

he foundation of the online travel industry is facing a severe test. Security researchers have uncovered a cluster of critical vulnerabilities in the widely-used WP Travel Engine plugin, creating a clear and present danger for over 20,000 websites.

Security teams recently uncovered a coordinated campaign that used hundreds of small npm packages and the unpkg CDN as a free hosting layer for credential-phishing redirects. The operation published dozens of randomized “redirect-xxxxxx” packages and generated tailored HTML files that, when opened by a victim, immediately forwarded them to credential-collection pages with their email pre-filled. According to Socket’s investigation and earlier work by Safety, the set totals roughly 175 malicious npm packages with around 26,000 recorded downloads and infrastructure targeting 135+ organizations.