Critical WordPress Flaw Exploited, SonicWall Backup Breach, Oracle Zero-Day Patched
Tuesday, October 14, 2025
Top 5 Cybersecurity Stories You Should Know
-
Critical WordPress Flaw Exploited, SonicWall Backup Breach, Oracle Zero-Day Patched — tl;dr: A critical vulnerability in the WordPress Service Finder theme (CVE-2025-5947) has led to over 13,800 attack attempts, allowing hackers to hijack administrator accounts. SonicWall confirmed a breach exposing firewall backup files for all cloud backup customers, increasing the risk of targeted attacks. Oracle rushed an emergency patch for a zero-day flaw (CVE-2025-61882) in its E-Business Suite exploited by the Cl0p ransomware group. Affected users are advised to update credentials, check access logs, and apply patches immediately to mitigate risks.
↪ https://www.duocircle.com/announcements/cybersecurity-news-update-week-42-of-2025 -
Ransomware Attack on Albemarle County Exposes Sensitive Resident Data — tl;dr: Albemarle County, Virginia, suffered a ransomware attack that compromised sensitive personal information of local government and public school employees, including Social Security numbers and driver's license details. Despite existing cybersecurity measures, attackers exploited vulnerabilities to access on-premises servers. The county is conducting a thorough investigation and has activated its incident response plan, including enhanced security measures and offering identity protection services to affected individuals. Residents are advised to monitor their financial accounts and consider enrolling in credit monitoring services to mitigate risks associated with potential identity theft.
↪ https://gbhackers.com/ransomware-attack-on-albemarle-county/ -
Google Fixes Chrome Zero-Day CVE-2023-6345 Exploited in the Wild — tl;dr: Google has addressed a critical zero-day vulnerability, CVE-2023-6345, in Chrome, which was actively exploited in the wild. This integer overflow issue in the Skia graphics library poses risks such as arbitrary code execution and system crashes. The fix is included in the latest Chrome update (version 119.0.6045.199 for Mac and Linux, and 119.0.6045.199/.200 for Windows), released on November 24, 2023. Users are strongly advised to update their browsers immediately to mitigate potential threats, along with additional fixes for five other high-severity vulnerabilities.
↪ https://blog.deurainfosec.com/chrome-zero-day-vulnerability-that-exploited-in-the-wild/ -
Chrome Introduces Local Network Access Prompt to Mitigate Security Risks — tl;dr: Google Chrome is rolling out a new security feature called Local Network Access, which prompts users for permission when websites or apps attempt to connect to their localhost or internal local network devices. This update aims to combat increasing threats from malicious sites that exploit CSRF vulnerabilities to access local routers and IoT devices for nefarious purposes. Users are encouraged to enable this feature in the Chrome flags section to enhance their security against potential local network attacks, which could lead to data breaches or unauthorized tracking.
↪ https://news.risky.biz/risky-bulletin-chrome-gets-a-new-prompt-to-prevent-sneaky-local-network-attacks/ -
KnowBe4 Releases Comprehensive Cybersecurity Glossary for Awareness Training — tl;dr: KnowBe4 has published an extensive glossary of cybersecurity terms, aimed at enhancing understanding in the field of security awareness training. This resource includes definitions of key concepts such as Active Directory, Acceptable Use Policy, and various types of malware. It serves as a valuable tool for organizations looking to improve their cybersecurity posture by educating employees about essential terminology and practices. Users are encouraged to leverage this glossary to bolster their security awareness programs and mitigate risks associated with cyber threats.
↪ https://www.knowbe4.com/knowbe4-glossary
Featured LufSec Resource
Consulting (First Session Free) — Build your security & AI risk program right.
Explore →
Connect with LufSec
- YouTube: https://www.youtube.com/@lufsec
- Instagram: https://www.instagram.com/lufsec
