Stay updated with the latest in cybersecurity threats, data privacy, and digital marketing trends. CyberPulse delivers breaking stories, expert analysis, and insights for today’s digital professionals
WordPress is the most widely used content management system (CMS), making it a prime target for attackers. Recent vulnerabilities highlight the importance of staying updated on security issues surrounding this platform.
Infostealers have become a significant threat, with over 330 million compromised credentials connected to malware activities. According to a report by Kela, these credentials were found linked to infostealer activity on at least 4.3 million machines. Access to sensitive corporate services such as cloud solutions, content management systems, email, and user authentication is at risk.
China’s Salt Typhoon campaign has been actively breaching telecommunications companies, with researchers identifying attempts to compromise over 1,000 Cisco network devices globally. This includes targeting organizations in the U.S., South Africa, Italy, and Thailand. The group seems to have created a list of target devices based on their association with telecom networks. In December alone, the Insikt Group observed the hackers conducting reconnaissance on various IP addresses.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the high-severity security flaw CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. This vulnerability affects Craft CMS versions 4 and 5, with a CVSS score of 8.1. It was addressed by the project maintainers in late December 2024, in versions 4.13.8 and 5.5.8.
China has initiated a global effort to develop post-quantum cryptographic algorithms, diverging from US-led efforts to establish encryption standards. The Institute of Commercial Cryptography Standards (ICCS) is soliciting proposals for encryption methods that can withstand quantum attacks, evaluating them based on security, performance, and feasibility. This initiative signifies a move towards establishing national standards for encryption that can resist quantum threats, covering public-key cryptography, hash functions, and block ciphers. The effort encourages international participation, with the algorithms being assessed critically.
The RansomHub ransomware group has emerged as one of the most prolific cybercrime syndicates of 2024–2025. The group has expanded its arsenal to target Windows, VMware ESXi, Linux, and FreeBSD systems, employing advanced evasion techniques, cross-platform encryption, and exploiting vulnerabilities in enterprise infrastructure. Group-IB analysts have discovered that RansomHub has compromised over 600 organizations, including sectors such as healthcare, finance, and critical infrastructure RansomHub.
CyberWarFare Labs offers comprehensive cybersecurity courses aimed at enhancing skills in the digital realm. Participants can sign up for various courses that include structured learning paths, practical hands-on labs, and earn badges for skill mastery.
Gmail users have been warned about sophisticated scams that utilize AI to steal personal information and hijack accounts. These attacks have been characterized as "devastating," with criminals leveraging AI to create convincing voice, video messages, and emails. The FBI has previously alerted users about the rise in AI-fueled scams, highlighting the serious risks of identity theft and financial loss.
Microsoft Threat Intelligence has identified an evolved iteration of the XCSSET malware family actively exploiting macOS developers via weaponized Xcode projects. This modular backdoor, first documented in 2020, now employs advanced obfuscation techniques, refined persistence mechanisms, and novel infection vectors to subvert Apple’s security frameworks and compromise software supply chains.