The Cortex Protocol

@thecortexprotocol
๐Ÿ›ก๏ธ THE CORTEX PROTOCOL |
Daily cybersecurity intelligence & analysis
๐Ÿ“บ Mission Log simulations
๐Ÿ“š LitRPG book series
๐ŸŒ thecortexprotocol.com

📊 October 2025 WordPress: Critical SQL Injection + 40+ Plugin CVEs

Sucuri's October 2025 WordPress roundup highlights several critical plugin vulnerabilities exploited in the wild. What's concerning: unauthenticated SQL injection in Product Filter by WBW (CVE-2025-8416) rated Critical, broken access control across multiple plugins (BackWPup, ShortPixel, SureForms), and numerous XSS flaws in popular addons.

🔴 USN-7835-4: Canonical Patches Critical Linux Kernel Flaws in Ubuntu 22.04 LTS

Canonical issued USN-7835-4 addressing critical Linux kernel vulnerabilities affecting Ubuntu 22.04 LTS and hardware enablement (HWE) variants. The advisory resolves multiple privilege escalation and denial-of-service issues across networking and memory subsystems.

🔴 CVE-2025-12444: Chromium Fullscreen UI Spoofing Flaw

Microsoft disclosed CVE-2025-12444, a Chromium vulnerability involving incorrect security UI behavior when browsers enter fullscreen mode. The flaw allows malicious web pages to spoof browser elements and mislead users into performing sensitive actions like entering credentials or approving permissions.

📊 CISA/NSA Release Exchange Server Hardening Guidance Amid Attack Surge

CISA and NSA issued an advisory on hardening on-premises Microsoft Exchange Server instances amid a persistent surge in attacks. The guidance follows CISA's August warning about CVE-2025-53786, a high-severity post-auth vulnerability allowing lateral movement from on-premises Exchange to M365 cloud environments.

โš ๏ธ Sandworm's Ukraine Campaign: Custom Webshell + LotL Persisten

Russia-linked Sandworm (UAC-0082, UAC-0145, APT44, Seashell Blizzard) conducted a two-month campaign against a major Ukrainian business services company and a week-long attack on a state entity, starting in late June 2025.

โš ๏ธ Agent Session Smuggling: Malicious AI Agents Weaponizing A2A Trust

Unit 42 discovered agent session smuggling, a technique where malicious AI agents exploit the Agent2Agent (A2A) protocol's stateful nature to inject covert instructions into victim agents.

🔴 CVE-2024-1086: 10-Year-Old Linux Kernel Bug Now in Ransomware Toolchains

CISA warns that ransomware gangs are exploiting CVE-2024-1086, a use-after-free bug in the Linux kernel's netfilter nf_tables subsystem that was introduced in 2014 and patched in January 2024. The vulnerability enables local privilege escalation and has been integrated into rootkits for kernel-level access.

🔴 CVE-2025-9491: Windows LNK Flaw Exploited Since 2017, Microsoft Won't Patch

CVE-2025-9491 (aka ZDI-CAN-25373) is a Windows LNK file vulnerability that state actors have quietly exploited since at least 2017. The technique is elegant: attackers embed command-line arguments in LNK Target fields but pad them with whitespace, pushing the malicious part of the command beyond the visible bounds of the properties dialog, so users inspecting the shortcut see only a benign-looking target.
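A triage check for the padding trick described above, added here as an example and not code from the post or from ZDI: it walks the Shell Link header and StringData of a .lnk file, pulls out the COMMAND_LINE_ARGUMENTS string, and flags any whitespace run long enough to push the tail of the arguments out of view. The 64-character threshold and the `build_lnk` fixture (a minimal shortcut with no target, used only to exercise the parser) are assumptions of this example.

```python
import re
import struct

# Shell Link (.lnk) header layout: HeaderSize, LinkCLSID, LinkFlags, ... (76 bytes total)
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
PAD_THRESHOLD = 64  # assumption: a whitespace run this long inside arguments is never legitimate

def _read_string(data, off, unicode):
    # StringData entry: CountCharacters (uint16) then that many chars (UTF-16LE when IsUnicode is set)
    count, width = struct.unpack_from("<H", data, off)[0], 2 if unicode else 1
    raw = data[off + 2:off + 2 + count * width]
    return raw.decode("utf-16-le" if unicode else "cp1252", errors="replace"), off + 2 + count * width

def lnk_string_data(data):
    """Skip the header, LinkTargetIDList and LinkInfo, then return the StringData fields by name."""
    if len(data) < LNK_HEADER_SIZE or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        off += 2 + struct.unpack_from("<H", data, off)[0]  # IDListSize field + IDList bytes
    if flags & HAS_LINK_INFO:
        off += struct.unpack_from("<I", data, off)[0]      # LinkInfoSize counts itself
    fields, unicode = {}, bool(flags & IS_UNICODE)
    for bit, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if flags & bit:
            fields[name], off = _read_string(data, off, unicode)
    return fields

def check_lnk(data, threshold=PAD_THRESHOLD):
    """Return None if arguments look normal, else the padding length and the visible/hidden halves."""
    args = lnk_string_data(data).get("arguments", "")
    runs = list(re.finditer(r"\s+", args))
    longest = max(runs, key=lambda m: len(m.group()), default=None)
    if longest is None or len(longest.group()) < threshold:
        return None
    return {"pad_len": len(longest.group()), "visible": args[:longest.start()].strip(),
            "hidden": args[longest.end():].strip()}

def build_lnk(arguments):
    """Constructed test fixture: header + COMMAND_LINE_ARGUMENTS only (no target, no LinkInfo)."""
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, HAS_ARGUMENTS | IS_UNICODE,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)  # attrs, 3 timestamps, size, icon, SW_SHOWNORMAL, hotkey, reserved
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
```

Real shortcuts usually carry a LinkTargetIDList and LinkInfo before the strings; the parser skips both using their own size fields, so it can be pointed at files pulled from a mailbox or share.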

🚨 Conduent Breach: 10.5M Records, 85 Days Dwell Time, 8.5TB Claimed

Conduent disclosed a breach impacting over 10.5 million individuals after attackers maintained access from October 21, 2024 to January 13, 2025: 85 days of dwell time before detection. The SafePay ransomware gang claimed responsibility in February 2025, stating they exfiltrated 8.5TB including names, SSNs, DOBs, medical info, and health insurance details.