Beamglea Phishing Infrastructure: 175 Malicious npm Packages Exploited unpkg CDN

Security teams recently uncovered a coordinated campaign that used hundreds of small npm packages and the unpkg CDN as a free hosting layer for credential-phishing redirects. The operation published dozens of randomized “redirect-xxxxxx” packages and generated tailored HTML files that, when opened by a victim, immediately forwarded them to credential-collection pages with their email pre-filled. According to Socket’s investigation and earlier work by Safety, the set totals roughly 175 malicious npm packages with around 26,000 recorded downloads and infrastructure targeting 135+ organizations.

Read More

Web Security Weekly: Oracle EBS, Redis & WordPress

This weekly digest highlights the highest-priority web security events from Oct 3–10, 2025: a mass extortion campaign abusing Oracle E-Business Suite, a critical Redis RCE, and active WordPress theme compromises that use stealth delivery techniques. Read on for plain-language explanations, key indicators, and a prioritized action plan your team can run in the next 24–72 hours.

Read More

Critical authentication-bypass in Service Finder Bookings being actively exploited — what site owners must do now

A critical authentication-bypass vulnerability in the Service Finder “Bookings” plugin/theme (affecting versions up to 6.0) allows unauthenticated attackers to take over accounts — including administrator accounts — on vulnerable WordPress sites. Multiple security researchers and vendors have confirmed active exploitation in the wild. If your site uses the Service Finder theme or bundled Bookings plugin, update to the fixed release immediately (or remove the plugin) and follow the emergency checklist below.

Read More

Magento (Adobe Commerce / Magento Open Source) — 2025 vulnerability roundup

In 2025 several high-impact vulnerabilities affecting Adobe Commerce and Magento Open Source were publicly disclosed and patched. The most critical is the so-called SessionReaper (CVE-2025-54236) — an improper input validation flaw in the Web API that can lead to session takeover and, in specific conditions, unauthenticated remote code execution. Adobe released an out-of-band hotfix and urged immediate application. Other important 2025 CVEs include a set of access-control and authorization bugs (several CVE entries), and multiple XSS/authorization issues fixed across release updates. Apply vendor patches immediately and follow the detection checklist below.

Read More

WordPress Security in 2025 — Key Risks, Real-World Incidents and Practical Fixes

In 2025 the WordPress ecosystem continued to produce a large number of security disclosures, with third-party plugins and themes remaining the dominant source of high-impact vulnerabilities. Attackers quickly weaponized several unauthenticated remote code execution, arbitrary file upload and broken-access-control flaws, and exploit campaigns often began within days of disclosure. Industry mitigations such as virtual patching (WAF rules) and vendor “rapid mitigate” systems played a major role in reducing live exploitation while site owners applied official patches. If you manage WordPress sites, the priority remains the same: maintain an accurate inventory; patch high-risk components immediately; remove unused extensions; and combine short-term virtual patches with longer-term hardening and monitoring.

Read More

Top 10 Website Security Threats in 2025 and How to Protect Against Them

Website security is more crucial than ever in 2025. As technology continues to evolve, so too do the tactics used by cybercriminals. Websites are often the first line of defense for organizations, housing sensitive user data and business-critical information. Yet, they are also prime targets for hackers who exploit vulnerabilities to steal data, inject malware, or disrupt operations. Understanding the latest website security threats and how to protect against them is vital for maintaining a secure online presence.

In this article, we will explore the top 10 website security threats in 2025, supported by statistics and real-world examples, and provide actionable advice on how to protect your website from these dangers.

Read More

Which CMS Is the Most Secure? A Comprehensive Analysis of WordPress, Drupal, and Joomla (Updated)

As more businesses, organizations, and individuals create websites to enhance their online presence, the importance of website security has never been more critical. Content Management Systems (CMS) are the backbone of most websites today, providing a user-friendly platform for managing and publishing content. However, with the rise of cybercrime and increasingly sophisticated attacks, it’s essential to choose a CMS that offers the highest level of security. In this article, we will examine the security features, vulnerabilities, and best practices of three of the most popular CMS platforms—WordPress, Drupal, and Joomla—based on the most recent data and security statistics.

Read More

How AI Has Changed Website Security: The Revolution of Cyber Defense

wordpress security

In the digital age, websites are an integral part of every business, organization, and individual. With the growing reliance on online services, security has become a paramount concern. Cyber threats are evolving at a rapid pace, and traditional security measures are often no longer enough to protect sensitive data and infrastructure. This is where Artificial Intelligence (AI) comes into play. AI has significantly transformed website security, offering more advanced, proactive, and efficient methods to defend against cyberattacks. This article explores how AI has revolutionized website security and the benefits it brings to businesses and individuals alike.

Read More