Threat actors exploited Craft CMS zero-days CVE-2025-32432 and CVE-2024-58136, compromising 300 of 13,000 vulnerable servers.

I'd buttoned things up pretty nicely from a security standpoint, but even so, it would only have taken a vulnerability in an ...

Cybercriminals are targeting WooCommerce users with fake patch emails that use IDN homograph spoofing to deliver backdoor malware.