wordpress

09.10.2025 00:00
wpbot (@wpbot@wptoots.social)

Summary, Dev Chat, October 8, 2025 make.wordpress.org/core/2025/1 #WordPress #wpdev


08.10.2025 23:01
soc_goulash (@soc_goulash@infosec.exchange)

Morning, cyber pros! ☕ It's been a busy 24 hours with some major cyber attack updates, new insights into how threat actors are leveraging AI, and critical vulnerability disclosures. Plus, a significant win for privacy in the EU. Let's dive in:

Salesforce Data Theft & Extortion Refusal ⚠️
- Salesforce has publicly refused to pay a ransom demand from "Scattered Lapsus$ Hunters" (believed to be ShinyHunters) who claim to have stolen nearly 1 billion customer records from Salesforce instances.
- The data was exfiltrated via two campaigns in 2025: social engineering attacks impersonating IT support to link malicious OAuth apps, and exploiting stolen SalesLoft Drift OAuth tokens to access CRM environments.
- While the threat actors launched a data leak site to extort 39 major companies (e.g., FedEx, Disney, Google), the site has since been seized, likely by the FBI, impacting their public extortion efforts.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th

Kido Nursery Breach & Child Doxing Arrests 🚨
- Two 17-year-old boys have been arrested in the UK in connection with the cyberattack and attempted extortion of the Kido nursery chain, which involved doxing children's photos and personal data.
- The "Radiant Group" hackers leaked pictures and addresses of over 20 children, alongside contact details for parents, on a dark web site, making threatening calls to increase pressure for a Bitcoin ransom.
- The incident, which impacted around 8,000 children, highlights a disturbing shift in criminal tactics, prompting widespread condemnation and assistance to law enforcement from the cybersecurity community.
🗞️ The Record | therecord.media/kido-nursery-s
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Asahi Breweries Hit by Qilin Ransomware 🍺
- The Qilin ransomware group has claimed responsibility for a cyberattack that disrupted operations at Japanese beverage giant Asahi, forcing production halts and delaying product launches.
- Qilin claims to have exfiltrated over 9,300 files (27GB) including financial records, employee data, and contracts, publishing screenshots as proof of theft after failed ransom negotiations.
- Asahi has resumed production at its domestic plants using a temporary manual ordering system, but the incident is expected to cause significant financial losses and product launch delays.
🗞️ The Record | therecord.media/qilin-ransomwa
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

US Law Firm Suffers Nation-State Zero-Day Breach 🏛️
- Williams & Connolly, a major US law firm, disclosed that suspected nation-state hackers used a zero-day vulnerability to breach a small number of attorneys' email accounts.
- The threat actor is believed to be a China-nexus group, previously reported by Google's Mandiant, targeting the US legal sector for national security and international trade intelligence.
- While the firm has taken steps to block the actor and engaged CrowdStrike, they have found no evidence of confidential client data being taken from central databases.
🗞️ The Record | therecord.media/us-law-firm-ha

AI Misuse by Nation-State & Criminal Groups 🤖
- OpenAI has disrupted three clusters of activity (Russian, North Korean, Chinese) misusing ChatGPT for malware development, C2 operations, and phishing campaigns.
- Russian-speaking actors used ChatGPT for RAT and credential stealer refinement, while North Korean groups leveraged it for macOS Finder extensions, Windows Server VPNs, and DLL loading techniques.
- Ukrainian CERT-UA reports Russian hackers are increasingly using AI to generate malware (e.g., PowerShell scripts in Wrecksteel) and phishing messages, adapting to stronger Ukrainian defenses with "Steal & Go" tactics.
📰 The Hacker News | thehackernews.com/2025/10/open
🗞️ The Record | therecord.media/russian-hacker

China-Linked APTs Deploy Nezha Monitoring Tool 🇨🇳
- Suspected China-based actors are using the open-source Nezha monitoring tool in compromises targeting over 100 machines in Taiwan, Japan, South Korea, and Hong Kong.
- Nezha, typically a legitimate server monitoring tool, is being used to facilitate follow-on activity from web intrusions, allowing remote command execution and subsequent malware deployment.
- Attribution clues include the use of simplified Chinese in administrative interfaces and overlaps with Ghost RAT and AntSword, tools previously linked to China-nexus APT groups targeting the Tibetan community.
🗞️ The Record | therecord.media/china-linked-h

Crimson Collective Targets AWS Cloud for Data Theft ☁️
- The 'Crimson Collective' threat group is actively targeting AWS cloud environments to steal data and extort companies, recently claiming responsibility for the Red Hat attack.
- Their TTPs involve using TruffleHog to find exposed AWS credentials, creating new IAM users with 'AdministratorAccess', and then enumerating, modifying RDS master passwords, and exfiltrating data via S3 and EBS snapshots.
- Victims receive extortion notes via AWS Simple Email Service (SES) within the breached environment, highlighting the need for continuous scanning for leaked AWS secrets and robust IAM policies.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

New FileFix Attack Uses Cache Smuggling 🎣
- A new variant of the FileFix social engineering attack leverages "cache smuggling" to secretly download malicious ZIP archives, bypassing traditional security software.
- Attackers impersonate a "Fortinet VPN Compliance Checker," tricking users into pasting a seemingly legitimate network path into File Explorer, which is padded with spaces to hide a malicious PowerShell command.
- The PowerShell script then extracts a malicious ZIP from Chrome's cache (smuggled as a fake image file) and executes an executable, allowing malware deployment without explicit downloads or web requests from the script.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Figma MCP RCE Vulnerability (CVE-2025-53967) 🛠️
- A critical command injection vulnerability (CVE-2025-53967, CVSS 7.5) has been disclosed and patched in the figma-developer-mcp Model Context Protocol (MCP) server, allowing remote code execution.
- The flaw stems from unsanitized user input in shell commands, specifically in a fallback mechanism that executes curl via child_process.exec if the fetch API fails, enabling shell metacharacter injection.
- Attackers could trick the MCP client into executing unintended actions via indirect prompt injection or by sending a series of requests on the same network, making immediate patching to v0.6.3 essential.
📰 The Hacker News | thehackernews.com/2025/10/seve

Service Finder WordPress Theme Auth Bypass (CVE-2025-5947) 🔑
- Threat actors are actively exploiting a critical authentication bypass vulnerability (CVE-2025-5947, CVSS 9.8) in the Service Finder WordPress theme (versions 6.0 and older).
- The flaw allows attackers to log in as any user, including administrators, without authentication by manipulating the original_user_id cookie in the service_finder_switch_back() function.
- Over 13,800 exploitation attempts have been recorded since August 1st, with a surge in late September; administrators must update to version 6.1 immediately and review logs for suspicious activity.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

EU Warns of Russian 'Hybrid War' on Europe 🇷🇺
- The President of the European Commission, Ursula Von der Leyen, has warned that Russia is waging a "hybrid war" against Europe, encompassing cyberattacks, sabotage, and malign influence campaigns.
- She cited a "worrying pattern" of incidents including undersea cable cuts, paralysed airports and logistics hubs by cyberattacks, and targeted election interference, urging the EU to "urgently equip itself with a strategic capacity to respond."
- The incidents are described as a "deliberate and targeted grey zone campaign" to unsettle citizens, test resolve, and weaken support for Ukraine, requiring a new mindset and unified deterrence from Europe.
🗞️ The Record | therecord.media/russia-hybrid-

Germany Opposes EU 'Chat Control' Mass Scanning 🔒
- Germany has officially committed to opposing the EU's controversial "Chat Control" proposal, which would mandate mass scanning of private messages for child sexual abuse material, even on encrypted platforms.
- This stance, reiterated by Justice Minister Stefanie Hubig and other CDU members, creates a "blocking minority" in the EU Council, making it highly unlikely the legislation will pass in its current form.
- Privacy advocates and encrypted messaging services like Signal and Tuta Mail had vehemently opposed the measure, arguing it undermines end-to-end encryption and constitutes mass surveillance, threatening to exit the EU market if passed.
🤫 CyberScoop | cyberscoop.com/germany-opposes
🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/chat-control-e

AI in Exposure Management: Cutting Noise, Reducing Risk 📊
- AI is reshaping cybersecurity, with adversaries weaponising it for automated attacks, while defenders struggle with vulnerability overload and finite resources.
- Effective AI integration can deduplicate and correlate data for a clean risk picture, prioritise exposures based on exploit likelihood and business context, and augment human judgment with an "intelligence layer" for foresight.
- Platforms like PlexTrac are investing in AI-driven capabilities to transform security data into actionable insights, enabling continuous risk reduction and empowering analysts to combat AI-powered threats.
📰 The Hacker News | thehackernews.com/2025/09/auto

Docker Hardened Images Now More Accessible 🐳
- Docker has made its Hardened Images catalog, offering container images with near-zero CVEs, affordable for startups and SMBs with unlimited access via subscription and a 30-day free trial.
- These images are built from source, continuously patched, lack unnecessary components (reducing attack surface by up to 95%), and include SBOM/VEX support, validated by SRLabs.
- With a seven-day patch SLA for new CVEs and FedRAMP-ready variants, this initiative aims to significantly elevate security across the container ecosystem.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Microsoft Enables Exchange Online Auto-Archiving 📧
- Microsoft is enabling threshold-based auto-archiving by default in Exchange Online to proactively manage mailbox size and prevent email flow issues caused by rapid filling.
- When mailboxes approach 90% of their quota, the Managed Folder Assistant will automatically move the oldest items to the archive mailbox until usage drops below the threshold.
- This update, rolling out this month for public clouds and November for government clouds, complements existing time-based retention policies and honours "Never Move to Archive" flags.
🤖 Bleeping Computer | bleepingcomputer.com/news/micr

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #AI #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #CloudSecurity #WordPress
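Added example, not code from the digest or from any of its sources: detection logic for the Crimson Collective sequence described above (new IAM user given AdministratorAccess, RDS master password reset, EBS snapshot shared out of the account, extortion mail via SES), run over constructed CloudTrail records. Account IDs, access key IDs, user names, the "prod-crm" instance and the snapshot ID are made up; the rule for ModifyDBInstance keys on the presence of the masterUserPassword parameter because CloudTrail masks its value, which is an assumption about the record shape rather than something the article states.

```python
"""Detect the IAM -> RDS -> EBS snapshot -> SES sequence over CloudTrail records.

Added example, not code from the digest or its sources. The records are
constructed: account IDs, access key IDs, user names, instance and snapshot
IDs are made up. Account 111111111111 is the victim, 999999999999 the outsider.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
OWN_ACCOUNT = "111111111111"
LEAKED_KEY = "AKIAEXAMPLE000LEAKED"   # constructed: the key found in a public repo
NEW_KEY = "AKIAEXAMPLE000BACKUP"      # constructed: key minted for the attacker's user


def _ev(time, source, name, params, key=LEAKED_KEY, user="ci-deploy"):
    """Build a minimal CloudTrail-shaped record (helper for the constructed sample)."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": "IAMUser", "userName": user,
                             "accessKeyId": key, "accountId": OWN_ACCOUNT},
            "requestParameters": params}


SAMPLE_EVENTS = [
    _ev("2025-10-08T09:00:12Z", "sts.amazonaws.com", "GetCallerIdentity", None),
    _ev("2025-10-08T09:00:40Z", "iam.amazonaws.com", "CreateUser", {"userName": "backup-svc"}),
    _ev("2025-10-08T09:00:41Z", "iam.amazonaws.com", "AttachUserPolicy",
        {"userName": "backup-svc", "policyArn": ADMIN_POLICY}),
    _ev("2025-10-08T09:00:42Z", "iam.amazonaws.com", "CreateAccessKey", {"userName": "backup-svc"}),
    # CloudTrail masks the new password; only the parameter's presence is visible (assumption).
    _ev("2025-10-08T09:05:03Z", "rds.amazonaws.com", "ModifyDBInstance",
        {"dBInstanceIdentifier": "prod-crm", "masterUserPassword": "****", "applyImmediately": True},
        key=NEW_KEY, user="backup-svc"),
    _ev("2025-10-08T09:20:15Z", "ec2.amazonaws.com", "CreateSnapshot",
        {"volumeId": "vol-0abc123", "description": "maintenance"}, key=NEW_KEY, user="backup-svc"),
    _ev("2025-10-08T09:31:09Z", "ec2.amazonaws.com", "ModifySnapshotAttribute",
        {"snapshotId": "snap-0abc123", "attributeType": "CREATE_VOLUME_PERMISSION",
         "createVolumePermission": {"add": {"items": [{"userId": "999999999999"}]}}},
        key=NEW_KEY, user="backup-svc"),
    _ev("2025-10-08T10:02:44Z", "ses.amazonaws.com", "SendEmail",
        {"destination": {"toAddresses": ["security@victim.example"]}}, key=NEW_KEY, user="backup-svc"),
    # Benign noise from an unrelated principal.
    _ev("2025-10-08T11:00:00Z", "s3.amazonaws.com", "ListBuckets", None,
        key="AKIAEXAMPLE000ALICE1", user="alice"),
]


def _when(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect(events, window=timedelta(minutes=30)):
    """Return findings as (rule, actor, eventName, detail) tuples, in time order."""
    findings = []
    created = {}      # IAM userName -> time of CreateUser
    suspect = set()   # users that received AdministratorAccess in this log
    for e in sorted(events, key=_when):
        src, name = e["eventSource"], e["eventName"]
        p = e["requestParameters"] or {}
        actor = e["userIdentity"]["userName"]
        if src == "iam.amazonaws.com" and name == "CreateUser":
            created[p["userName"]] = _when(e)
        elif src == "iam.amazonaws.com" and name == "AttachUserPolicy" and p.get("policyArn") == ADMIN_POLICY:
            target = p["userName"]
            suspect.add(target)
            fresh = target in created and _when(e) - created[target] <= window
            rule = "new_admin_user" if fresh else "admin_policy_attached"
            findings.append((rule, actor, name, f"{target} <- AdministratorAccess"))
        elif src == "rds.amazonaws.com" and name == "ModifyDBInstance" and "masterUserPassword" in p:
            findings.append(("rds_master_password_reset", actor, name, p["dBInstanceIdentifier"]))
        elif src == "ec2.amazonaws.com" and name == "ModifySnapshotAttribute":
            items = p.get("createVolumePermission", {}).get("add", {}).get("items", [])
            foreign = [i["userId"] for i in items if i.get("userId") not in (None, OWN_ACCOUNT)]
            public = any(i.get("group") == "all" for i in items)
            if foreign or public:
                findings.append(("snapshot_shared_externally", actor, name,
                                 f"{p['snapshotId']} -> {'public' if public else foreign}"))
        elif src == "ses.amazonaws.com" and name == "SendEmail" and actor in suspect:
            findings.append(("ses_from_suspect_principal", actor, name,
                             "mail sent by a user this log made admin"))
    return findings


def chain_score(findings):
    """Distinct rules hit per actor; three or more is the full extortion chain."""
    hits = defaultdict(set)
    for rule, actor, _, _ in findings:
        hits[actor].add(rule)
    return {actor: len(rules) for actor, rules in hits.items()}


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(*f)
    print(chain_score(detect(SAMPLE_EVENTS)))
```

Real CloudTrail delivers a JSON object with a Records array; pass each element to detect() as-is. The point of chain_score() is that a single AttachUserPolicy can be legitimate, but the same actor resetting an RDS master password, sharing a snapshot to another account and then sending mail through SES within an hour is not.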

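Added example for the Figma MCP item above, not the figma-developer-mcp code: the article describes a Node fallback that runs curl through child_process.exec with the URL spliced into a shell string. The same bug class is modelled here in Python, with subprocess shell=True standing in for exec and an argv list standing in for execFile; echo replaces curl so the block runs offline, and the hostile URL is a constructed tool-call input of the kind an indirect prompt injection could supply.

```python
"""The curl-fallback bug class behind CVE-2025-53967, modelled in Python.

Added example, not the figma-developer-mcp code. The original is Node: when
fetch() fails it runs curl via child_process.exec with the URL inside a shell
command string. Here subprocess with shell=True plays exec and an argv list
plays execFile; `echo` stands in for curl so this runs offline.
"""
import subprocess
from urllib.parse import urlparse


def vulnerable_fallback(url: str) -> str:
    """Equivalent of exec(`curl -s ${url}`): /bin/sh parses the URL, so ; | ` $( )
    inside it become shell syntax. Uses echo instead of curl."""
    done = subprocess.run(f"echo fetching {url}", shell=True, capture_output=True, text=True)
    return done.stdout


def is_fetchable_url(url: str) -> bool:
    """Allow only absolute http(s) URLs with a host; reject file://, data:, relative paths."""
    u = urlparse(url)
    return u.scheme in ("http", "https") and bool(u.netloc)


def hardened_fallback(url: str) -> str:
    """Equivalent of execFile("curl", ["-s", "--", url]): no shell, the URL is one
    argv element whatever characters it contains, and only http(s) is accepted."""
    if not is_fetchable_url(url):
        raise ValueError(f"refusing URL: {url!r}")
    done = subprocess.run(["echo", "fetching", url], capture_output=True, text=True)
    return done.stdout


if __name__ == "__main__":
    hostile = "https://api.figma.example/v1/files/abc; echo INJECTED"  # constructed input
    print(vulnerable_fallback(hostile), end="")   # two lines: the echo, then INJECTED
    print(hardened_fallback(hostile), end="")     # one line, the URL kept literal
```

Validation of the scheme is a second layer, not the fix: the fix is that the argv form never hands the string to a shell. An allow-list of hosts the MCP server is meant to talk to would be the next step in a real server.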

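Added example for the FileFix item above, not code from the article or from the attackers: two checks a defender can run against the artifacts the technique leaves behind. The first flags a File Explorer paste that hides a command behind a long run of spaces; the second finds a ZIP archive embedded in a file served as an image (the "cache smuggling" carrier). The sample paste string, the fake JPEG and the "compliance-checker.exe" member name are constructed placeholders, and the regex of interpreter names is this example's choice.

```python
"""Checks for the FileFix cache-smuggling variant. Added example, not from the article.

(1) analyze_paste: a pasted Explorer address-bar string that hides an interpreter
    command behind a run of spaces, leaving a decoy path as the visible part.
(2) find_smuggled_zip: a ZIP local-file header inside a blob served as an image.
The sample paste and the fake JPEG below are constructed for this example.
"""
import io
import re
import zipfile

INTERPRETERS = re.compile(r"\b(powershell(\.exe)?|pwsh|cmd(\.exe)?|mshta|wscript|cscript|rundll32)\b", re.I)
PAD_RUN = re.compile(r"[ \t\u00a0\u2000-\u200a\u3000]{16,}")   # long run of (also unicode) spaces


def analyze_paste(text):
    """Return None for an ordinary path or command; else the hidden command and the decoy."""
    m = PAD_RUN.search(text)
    if not m or not INTERPRETERS.search(text):
        return None
    before, after = text[:m.start()].strip(), text[m.end():].strip()
    # The command may sit on either side of the padding; the decoy is the other side.
    hidden, visible = (before, after) if INTERPRETERS.search(before) else (after, before)
    return {"hidden_command": hidden, "visible_decoy": visible}


MAGIC = {"image/jpeg": b"\xff\xd8\xff", "image/png": b"\x89PNG\r\n\x1a\n", "image/gif": b"GIF8"}
ZIP_LFH = b"PK\x03\x04"   # local file header that starts a ZIP archive


def find_smuggled_zip(blob, declared_type):
    """Return None unless a parseable ZIP is embedded in a blob declared as an image."""
    magic = MAGIC.get(declared_type)
    if magic is None:
        return None
    off = blob.find(ZIP_LFH)
    if off < 0:
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(blob[off:])) as zf:
            members = zf.namelist()
    except zipfile.BadZipFile:
        return None   # a chance "PK\x03\x04" inside real image data
    return {"header_ok": blob.startswith(magic), "zip_offset": off, "members": members}


def build_sample_blob():
    """Constructed: a JPEG header followed by a real ZIP holding a placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("compliance-checker.exe", b"placeholder text, not a binary")
    return b"\xff\xd8\xff\xe0" + b"\x00" * 28 + buf.getvalue()


SAMPLE_PASTE = ('powershell -w hidden -c "<payload omitted>"' + " " * 200
                + r"\\corp-fileserver\vpn\FortinetComplianceChecker")   # constructed


if __name__ == "__main__":
    print(analyze_paste(SAMPLE_PASTE))
    print(find_smuggled_zip(build_sample_blob(), "image/jpeg"))
```

Both checks are cheap enough to run on proxy logs or a browser cache directory: a content-type of image/* whose body parses as a ZIP is the signal, and a paste that only makes sense once the whitespace is stripped is the other.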


08.10.2025 22:49
denispetitclerc (@denispetitclerc@mstdn.ca)

Miscellaneous web work for nonprofits, businesses, SMEs, the self-employed and more

Lately it has ranged from adding:
• a cookie manager for Quebec's Law 25
• making a domain name credible
• troubleshooting out-of-date WordPress sites
• changing the PHP version at a hosting provider

Important points: check that emails get through and that your site is reachable from a local network, over mobile data and over free public access alike. Sometimes surprises await us.

#maintenanceweb #wordpress #joomla #wix



08.10.2025 22:19
Shobeck (@Shobeck@indieweb.social)

I manage a web site that uses WordPress. I created it about 10 years ago. I rarely touch it, just occasionally updating plugins. Spent this weekend doing maintenance and noticed that the WordPress block editor has got so much better. Feels so satisfying to remove plugins as the native editor now supports those features.
#wordpress



08.10.2025 22:15
wpa11yday (@wpa11yday@wptoots.social)

Platinum Sponsor Spotlight: WooCommerce
Powering over a quarter of all online stores, WooCommerce makes e-commerce flexible, customizable, and open-source. They’re partnering with Equalize Digital to improve frontend accessibility and create more inclusive shopping experiences.

Learn more: 2025.wpaccessibility.day/wooco

#WPA11yDay #WPAD2025 #Accessibility #WordPress



08.10.2025 21:24
threadi (@threadi@mastodon.social)

Who else uses ? The tool was updated today, and it has existed since 1998. So practically from what feels like the early days of the internet. And thus even older than . And it still exists. And it is open source too :) phpmyadmin.net/news/2025/10/8/



08.10.2025 21:15
threadi (@threadi@mastodon.social)

Thanks, by the way, to @pierre for the wonderful "APCu Manager" plugin :) Otherwise it works absolutely flawlessly on dozens of websites by now. The above was my mistake :| Though an active notice along the lines of "hey, the plugin is suddenly missing something" would be nice .. wordpress.org/plugins/apcu-man



08.10.2025 20:52
tugatech (@tugatech@masto.pt)

Popular WordPress theme has a serious flaw, and hackers are already attacking it to gain full control
🔗 tugatech.com.pt/t72598-tema-po

#ataque #base #cve #grave #hackers #malware #segurança #sem #servidores #vulnerabilidade #WordPress



08.10.2025 20:27
maniabel (@maniabel@mastodon.de)

The WordPress premium theme "ServiceFinder" had a serious security problem up to version 6.0. It allowed attackers to bypass authentication and log in as administrators, reports Wordfence.

The vulnerability is tracked as CVE-2025-5947 (faulty validation of the original_user_id cookie in the service_finder_switch_back() function) and has a critical severity score of 9.8.

Theme vendor Aonetheme already fixed the security problem on July 17 of this year with version 6.1. And yet there are apparently still unpatched installations that continue to be exploited.

Give WordPress, themes and plugins a little love and update them, either automatically or regularly by hand.

wordfence.com/blog/2025/10/att

#infosec #wordpress #theme #BeDiS



08.10.2025 20:02
WordCampCanada (@WordCampCanada@wptoots.social)

📢 Speaker Spotlight: Sandi Gauder

Sandi is a web accessibility expert with 15+ years of experience helping teams build accessible sites and meet AODA guidelines.

At #WCCanada2025, she’ll present:
✨ Audit and Remediate a WordPress Site for Accessibility
📅 October 15, 2025 | 1:00 pm | Track 1
🔗 Sandi Gauder – WordCamp Canada 2025

#WordCampCanada #WCCanada2025 #WordPress #WCEH2025



08.10.2025 20:01
wpbot (@wpbot@wptoots.social)

Getting the Word Out: A Content-First Approach wordpress.tv/2025/10/08/gettin #WordPress #wpmisc



08.10.2025 20:01
wpbot (@wpbot@wptoots.social)

Ladies and Gentlemen… and others. La comunicazione inclusiva sul web wordpress.tv/2025/10/08/ladies #WordPress #wpmisc

