WordPress, Perplexity, Apache & macOS Targeted | Android & Adobe Patches | Oracle & Sensata Technologies Data Breaches

10 Security Flaws in Perplexity AI's Android Chatbot App

Researchers describe the company’s artificial intelligence chatbot as less secure than both ChatGPT and DeepSeek.

OttoKit WordPress Plugin Vulnerability Actively Exploited in the Wild

A vulnerability in the OttoKit WordPress plugin, which has over 100,000 active installations, is being actively exploited in the wild. According to WordPress security firm Defiant, threat actors are leveraging this flaw, potentially putting numerous websites at risk of full compromise.

Critical Vulnerability in WordPress Plugin Exploited Just 4 Hours After Disclosure

A critical vulnerability in the SureTriggers WordPress plugin has been actively exploited within just four hours of its public disclosure.

Android Security Update: Google Patches Two Critical Zero-Day Flaws

Google has released patches for 62 vulnerabilities, including two that have been actively exploited in the wild.

Adobe Patches 11 Critical ColdFusion Vulnerabilities Among 30 Security Flaws

Adobe has issued security updates to address a new set of vulnerabilities, including several critical-severity flaws in ColdFusion versions 2025, 2023, and 2021, which could lead to arbitrary file reading and code execution.

Apache Roller Vulnerability Allowed Unauthorized Access to Blog Sites

A critical security vulnerability in Apache Roller, tracked as CVE-2025-24859, has been discovered, allowing attackers to retain unauthorized access to blog systems even after password changes.

Rapid7 Uncovers RCE Path in Ivanti VPN Appliance Following Silent Patch

CVE-2025-22457, a critical vulnerability in Ivanti’s Connect Secure VPN appliances, has already been exploited by a China-linked hacking group known for targeting edge network devices. Security researchers at Rapid7 have publicly detailed a path to remote code execution.

Hackers Allegedly Renting Full System Control Malware to Target macOS Users

A new macOS malware-as-a-service (MaaS) threat named iNARi Loader has emerged, offering cybercriminals full system control over Apple devices.

Nissan Leaf Vulnerabilities Enable Remote Spying and Physical Control Exploits

Researchers have discovered vulnerabilities that could be exploited to remotely take control of a Nissan Leaf’s functions, including its physical controls.

SonicWall Patches High-Severity NetExtender Vulnerability

SonicWall has released patches for three vulnerabilities in its NetExtender for Windows software, including one high-severity flaw. The fixes were announced this week to address potential security risks.

Malicious NPM Packages Exploit Cryptocurrency and PayPal Users

Threat actors are distributing malicious NPM packages designed to steal PayPal credentials and hijack cryptocurrency transactions, targeting users' sensitive information and funds.

Recent Data Breaches & Ransomware Attacks

Data breaches and ransomware attacks, including those affecting Malaysian Airports, SEMrush and Numotion, and a Daisy Cloud hacker exposing credentials across a wide range of services.

10 Security Flaws in Perplexity AI's Android Chatbot App

Researchers from Appknox have uncovered ten security vulnerabilities in the Android version of Perplexity AI's chatbot application, raising significant concerns about the app's mobile security posture. The findings suggest that Perplexity's Android app is less secure than other AI chatbot apps such as ChatGPT and DeepSeek.

The identified vulnerabilities in Perplexity's Android app include:

  • Insecure network configurations, which increase the risk of network-based attacks.
  • Lack of SSL validation or certificate pinning, potentially allowing impersonation attacks (CVSS score: 5.9).
  • Weak detection mechanisms for rooting or jailbreak attempts, enabling attackers to escalate privileges (CVSS score: 6.8).
  • Susceptibility to the "StrandHogg" vulnerability, an older flaw in Android's task management system that permits application takeover (CVSS score: 6.5).
  • Exposure to CVE-2017-13156, a known vulnerability that allows modification of installed Android apps without invalidating their digital signatures (CVSS score: 6.7).
  • Vulnerability to "clickjacking" attacks, where a user's interface is manipulated to trigger unintended actions (CVSS score: 4.8).

These findings underscore the importance of comprehensive security assessments for mobile applications, especially those leveraging advanced AI technologies. Organizations are advised to prioritize mobile app security alongside the development of their AI models to prevent potential exploitation of such vulnerabilities.

OttoKit WordPress Plugin Vulnerability Actively Exploited in the Wild

A critical vulnerability in the OttoKit WordPress plugin, formerly known as SureTriggers, is being actively exploited, putting over 100,000 websites at risk of full compromise.

  • CVE Identifier: CVE-2025-3102
  • Severity Score: 8.1 (High)
  • Issue: Authentication bypass due to improper handling of empty secret keys

The flaw arises from a missing check for empty values in a function responsible for permission verification. If the plugin hasn't been configured with an API key, an attacker can exploit this oversight by sending a request with an empty secret key, which the system erroneously accepts. This grants access to the plugin's REST API endpoint, enabling the attacker to perform various administrative actions.

Potential Exploitation

Once access is gained, attackers can:

  • Create new administrator accounts
  • Upload malicious plugins or themes containing backdoors
  • Modify website content to redirect users or inject spam

Defiant, a WordPress security firm, warns that this vulnerability can lead to complete control over the affected site, allowing attackers to manipulate it as a legitimate administrator would.

Website administrators using OttoKit should act promptly to secure their sites against this actively exploited vulnerability.

Critical Vulnerability in WordPress Plugin Exploited Just 4 Hours After Disclosure

A critical vulnerability in the SureTriggers WordPress plugin (versions ≤1.0.78) has been actively exploited within just four hours of its public disclosure. This flaw allows unauthenticated attackers to create administrator accounts on vulnerable sites, potentially compromising over 100,000 installations worldwide.

  • CVE Identifier: CVE-2025-3102
  • Severity Score: 8.1 (High)
  • Issue: Authentication bypass due to improper handling of empty secret keys
  • Impact: Allows unauthorized creation of administrator accounts, leading to potential full site takeover

The flaw arises from a missing check for empty values in a function responsible for permission verification. If the plugin hasn't been configured with an API key, an attacker can exploit this oversight by sending a request with an empty secret key, which the system erroneously accepts. This grants access to the plugin's REST API endpoint, enabling the attacker to perform various administrative actions.
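The two OttoKit/SureTriggers items above describe the same root cause: a permission check that compares the stored secret with the supplied one without first confirming that either is non-empty. The following is an added illustration in plain Python, not the plugin's own PHP code; the settings store, request shape and key values are constructed for the demo.

```python
"""Added example (not OttoKit/SureTriggers code): how an empty-secret
permission check fails open, and how a hardened check fails closed.

Assumptions: the stored secret lives in a plain dict standing in for the
plugin's settings store; the incoming request is a dict whose 'secret_key'
field carries the caller's key. Both are constructed for this demo."""
import hmac
import secrets

# Constructed settings: a fresh install where no API key was ever configured,
# and one where an operator did configure a key.
UNCONFIGURED_SETTINGS = {"secret_key": ""}
CONFIGURED_SETTINGS = {"secret_key": "correct-horse-battery-staple"}  # constructed value


def vulnerable_is_authorized(settings: dict, request: dict) -> bool:
    """Analogue of the flaw described above: stored and supplied keys are
    compared directly with no check that either one is non-empty. On an
    unconfigured install both sides are '' and the comparison succeeds."""
    stored = settings.get("secret_key", "")
    supplied = request.get("secret_key", "")
    return stored == supplied


def hardened_is_authorized(settings: dict, request: dict) -> bool:
    """Reject the request when no key has been configured or no key was
    supplied, and compare the rest in constant time."""
    stored = settings.get("secret_key") or ""
    supplied = request.get("secret_key") or ""
    if not stored or not supplied:
        # An unconfigured endpoint must fail closed, not open.
        return False
    return hmac.compare_digest(stored.encode(), supplied.encode())


def generate_secret_key() -> str:
    """Helper for the configuration step: a random 32-byte key, hex-encoded."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    empty_request = {"secret_key": ""}
    print("vulnerable check, unconfigured install, empty key:",
          vulnerable_is_authorized(UNCONFIGURED_SETTINGS, empty_request))
    print("hardened check,   unconfigured install, empty key:",
          hardened_is_authorized(UNCONFIGURED_SETTINGS, empty_request))
```

The hardened variant makes the unconfigured state an explicit deny rather than an accidental match, which is the behaviour a permission callback should have before any REST endpoint is reachable.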

Android Security Update: Google Patches Two Critical Zero-Day Flaws

Google has released patches for 62 vulnerabilities, two of which it said have been exploited in the wild.

The two high-severity vulnerabilities are listed below:

  • CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of the kernel that could result in information disclosure
  • CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of the kernel

Google has released its April 2025 Android security update, addressing 62 vulnerabilities, including two critical zero-day flaws that have been actively exploited in targeted attacks.

The update also patches 60 other security issues across various components, including the Android Framework and System. These vulnerabilities range from information disclosure to remote code execution risks.

Adobe Patches 11 Critical ColdFusion Vulnerabilities Among 30 Security Flaws

Adobe has released critical security updates for ColdFusion versions 2025, 2023, and 2021, addressing 30 vulnerabilities, including 11 rated as critical. These flaws could lead to arbitrary file reads, code execution, and security feature bypasses.

  • CVE-2025-24446 (CVSS 9.1): Improper input validation allowing arbitrary file system reads.
  • CVE-2025-24447 (CVSS 9.1): Deserialization of untrusted data leading to arbitrary code execution.
  • CVE-2025-30281 (CVSS 9.1): Improper access control resulting in arbitrary file system reads.
  • CVE-2025-30282 (CVSS 9.1): Improper authentication enabling arbitrary code execution.
  • CVE-2025-30284 to CVE-2025-30290: Various vulnerabilities, including deserialization issues, OS command injections, and path traversal, with CVSS scores ranging from 7.5 to 8.7.

Additionally, patches have been released for other Adobe products, including After Effects, Media Encoder, Bridge, Premiere Pro, Photoshop, Animate, and FrameMaker, to fix out-of-bounds write and heap-based buffer overflow bugs that could lead to arbitrary code execution.

Apache Roller Vulnerability Allowed Unauthorized Access to Blog Sites

A critical security vulnerability has been identified in Apache Roller, a Java-based blogging platform, that could allow attackers to maintain unauthorized access to blog systems even after password changes. The vulnerability, tracked as CVE-2025-24859, has received the highest possible CVSS v4 score of 10, indicating severe risk to affected systems.

  • CVE Identifier: CVE-2025-24859
  • Severity Score: 10.0 (Critical)
  • Affected Versions: Apache Roller versions 1.0.0 through 6.1.4
  • Issue: Improper session invalidation after password changes
  • Impact: Allows continued access to the application through old sessions even after a password change. The root cause is a session management flaw: active user sessions are not invalidated when the password changes, so every pre-existing session remains fully functional and an attacker who obtained a session with compromised credentials keeps that access.

The vulnerability creates a scenario where standard security practices become ineffective. When credentials are suspected of being compromised, the immediate response is typically to change passwords – but with this flaw, attackers who have already established sessions can continue operating within the system unimpeded.
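The fix for this class of bug is to tie each session to the password it was issued under, so a password change retires older sessions. The example below is an added illustration, not Apache Roller code: an in-memory user and session store (constructed for the demo) with a vulnerable password change that only swaps the hash, alongside a hardened one that also bumps a per-user password generation counter.

```python
"""Added example (not Apache Roller code): a session store that invalidates
every existing session when a user's password changes.

Assumptions: users and sessions live in in-memory dicts constructed here;
passwords are hashed with PBKDF2-HMAC-SHA256 from the standard library."""
import hashlib
import hmac
import os
import secrets

ITERATIONS = 50_000  # PBKDF2 work factor, a constructed choice for the demo


class AuthStore:
    """Every user carries a password generation counter and every session
    records the generation it was issued under, so a password change can
    retire sessions that predate it."""

    def __init__(self):
        self.users = {}     # username -> {"salt", "hash", "generation"}
        self.sessions = {}  # session id -> {"username", "generation"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt,
                                "hash": self._hash(password, salt),
                                "generation": 0}

    def login(self, username, password):
        """Return a new session id on success, None otherwise."""
        user = self.users.get(username)
        if user is None:
            return None
        if not hmac.compare_digest(user["hash"], self._hash(password, user["salt"])):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"username": username, "generation": user["generation"]}
        return sid

    def current_user(self, sid):
        """Resolve a session id to a username, or None when the session is
        unknown or was issued before the user's latest password change."""
        sess = self.sessions.get(sid)
        if sess is None:
            return None
        user = self.users[sess["username"]]
        if sess["generation"] != user["generation"]:
            del self.sessions[sid]  # stale: issued under an old password
            return None
        return sess["username"]

    def change_password_vulnerable(self, username, new_password):
        """The behaviour the advisory describes: only the stored hash is
        replaced, so every session that already exists keeps working."""
        user = self.users[username]
        user["salt"] = os.urandom(16)
        user["hash"] = self._hash(new_password, user["salt"])

    def change_password(self, username, new_password, keep_sid=None):
        """Hardened variant: replace the hash and bump the generation, which
        retires every session except, optionally, the one making the change."""
        self.change_password_vulnerable(username, new_password)
        user = self.users[username]
        user["generation"] += 1
        keep = self.sessions.get(keep_sid)
        if keep is not None and keep["username"] == username:
            keep["generation"] = user["generation"]
```

Keeping the generation on the user record rather than deleting sessions one by one means the check also works for sessions held in a distributed cache or a signed cookie: anything issued under an older generation is rejected the next time it is presented.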

Rapid7 Uncovers RCE Path in Ivanti VPN Appliance Following Silent Patch

Security researchers at Rapid7 have publicly disclosed a method to achieve remote code execution (RCE) on Ivanti's Connect Secure VPN appliances, highlighting a critical vulnerability that has already been exploited in the wild.

  • CVE Identifier: CVE-2025-22457
  • Affected Product: Ivanti Connect Secure VPN appliances
  • Nature of Vulnerability: Unchecked buffer overflow in the HTTP(S) web server component, specifically related to the processing of the "X-Forwarded-For" HTTP header.

The flaw allows attackers to manipulate the length of the "X-Forwarded-For" header value, triggering a buffer overflow that can overwrite critical parts of the stack, leading to remote code execution.
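From the defender's side, the most useful signal for this flaw is a request whose X-Forwarded-For value is far longer than any legitimate proxy chain or does not parse as a comma-separated list of IP addresses. The following detector is an added example, not Rapid7's or Ivanti's code; it runs over constructed JSON-lines proxy logs, and the 200-byte and 10-hop thresholds are constructed choices that comfortably cover real proxy chains.

```python
"""Added example (not Rapid7's or Ivanti's code): flag requests whose
X-Forwarded-For header is abnormally long or is not a list of IP addresses.

Assumptions: each log line is a JSON object with 'ts', 'src', 'path' and a
'headers' map (a constructed format); thresholds are constructed choices."""
import ipaddress
import json

MAX_XFF_LEN = 200   # bytes; constructed threshold
MAX_XFF_HOPS = 10   # proxies in the chain; constructed threshold


def xff_anomalies(value: str) -> list:
    """Return the reasons a header value looks suspicious (empty if it is fine)."""
    reasons = []
    if len(value) > MAX_XFF_LEN:
        reasons.append(f"length {len(value)} > {MAX_XFF_LEN}")
    hops = [h.strip() for h in value.split(",")]
    if len(hops) > MAX_XFF_HOPS:
        reasons.append(f"{len(hops)} hops > {MAX_XFF_HOPS}")
    bad = []
    for hop in hops:
        try:
            ipaddress.ip_address(hop)   # accepts IPv4 and IPv6 literals
        except ValueError:
            bad.append(hop[:16])        # truncate so the alert itself stays short
    if bad:
        reasons.append(f"non-IP entries: {bad[:3]}")
    return reasons


def scan_log(lines) -> list:
    """Return (ts, src, path, reasons) for every record with an anomalous header."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                    # skip malformed records rather than abort
        headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        xff = headers.get("x-forwarded-for")
        if xff is None:
            continue
        reasons = xff_anomalies(str(xff))
        if reasons:
            hits.append((rec.get("ts"), rec.get("src"), rec.get("path"), reasons))
    return hits


# Constructed sample log: two normal proxy chains, one oversized header,
# one request with no X-Forwarded-For at all. Addresses are RFC 5737/3849 ranges.
SAMPLE_LOG = [
    json.dumps({"ts": "2025-04-10T09:14:02Z", "src": "198.51.100.7", "path": "/",
                "headers": {"X-Forwarded-For": "203.0.113.5"}}),
    json.dumps({"ts": "2025-04-10T09:14:05Z", "src": "198.51.100.8", "path": "/login",
                "headers": {"X-Forwarded-For": "203.0.113.9, 2001:db8::1"}}),
    json.dumps({"ts": "2025-04-10T09:15:40Z", "src": "198.51.100.9", "path": "/",
                "headers": {"X-Forwarded-For": "A" * 600}}),
    json.dumps({"ts": "2025-04-10T09:16:01Z", "src": "198.51.100.10", "path": "/",
                "headers": {"User-Agent": "curl/8.0"}}),
]

if __name__ == "__main__":
    for ts, src, path, reasons in scan_log(SAMPLE_LOG):
        print(f"{ts} {src} {path}: {'; '.join(reasons)}")
```

The same length-and-shape rule can be enforced ahead of the appliance at a reverse proxy or WAF, where dropping the request is cheaper than detecting it afterwards; the detector is still worth keeping because it gives a timestamp and source to pivot on during incident response.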

Ivanti's Response

Upon learning of the active exploitation, Ivanti acknowledged the severity of the vulnerability and urged customers to update to Connect Secure version 22.7R2.6, which addresses the issue. The company emphasized that the vulnerability, initially thought to be non-exploitable, has been proven to be exploitable through sophisticated means.

Hackers Allegedly Renting Full System Control Malware to Target macOS Users

A new macOS malware-as-a-service (MaaS) threat named iNARi Loader has emerged, offering cybercriminals full system control over Apple devices. Advertised on underground forums, this sophisticated malware combines remote desktop capabilities with advanced data exfiltration techniques, posing a significant risk to macOS users.

Key Features of iNARi Loader

  • Modular Architecture: Allows attackers to deploy various payloads, including Virtual Network Computing (VNC) for remote access and specialized data stealers.
  • Bypass Mechanisms: Capable of circumventing password prompts, granting attackers unrestricted access to sensitive user data.
  • Multiple Delivery Vectors: Distributed through terminal commands, disk image files (.dmg), package installers (.pkg), or malicious applications, increasing the likelihood of successful infections.
  • Built-in Evasion Techniques: Unlike many malware variants, iNARi Loader reportedly does not require additional obfuscation services to evade detection, indicating sophisticated in-built stealth capabilities.

Rising Threat to macOS Users

The emergence of iNARi Loader marks a significant escalation in macOS-targeted threats. In recent years, multiple infostealer families—such as MacStealer, Pureland, Atomic, RealStealer, MetaStealer, and Banshee—have been documented, primarily targeting sensitive information like Keychain passwords, browser data, cryptocurrency wallets, and personal files. The addition of remote desktop capabilities in iNARi Loader provides attackers with persistent control over compromised systems.

Nissan Leaf Vulnerabilities Enable Remote Spying and Physical Control Exploits

Researchers from PCAutomotive have uncovered a series of critical vulnerabilities in the second-generation Nissan Leaf (model year 2020), revealing that attackers could remotely access and control various vehicle functions, including while the car is in motion.

Presented at Black Hat Asia 2025, the research demonstrated how the Leaf's infotainment system's Bluetooth capabilities could be exploited to infiltrate the car's internal network. Once inside, attackers could escalate privileges and establish a command-and-control (C&C) channel over cellular communications, allowing persistent and stealthy access to the vehicle over the internet.

The vulnerabilities enabled attackers to:

  • Track the vehicle's real-time location.
  • Capture screenshots of the infotainment system.
  • Record conversations within the car.
  • Remotely control physical functions such as doors, wipers, horn, mirrors, windows, lights, and even the steering wheel, including while the vehicle was in motion.

These security flaws have been assigned eight CVE identifiers: CVE-2025-32056 through CVE-2025-32063. Disclosure to Nissan began in August 2023, with the company confirming the findings in January 2024. However, the CVEs were only recently assigned.

In response, a Nissan spokesperson acknowledged the research but declined to provide specific details about countermeasures, citing security reasons.

SonicWall Patches High-Severity NetExtender Vulnerability

SonicWall has released critical security updates for its NetExtender VPN client for Windows, addressing three vulnerabilities, including a high-severity flaw that could allow authenticated attackers to alter application configurations.

  1. CVE-2025-23008 (CVSS 7.2) – An improper privilege management issue that could be exploited by authenticated users to modify the application's configuration.
  2. CVE-2025-23009 – A medium-severity vulnerability allowing arbitrary file deletion.
  3. CVE-2025-23010 – A medium-severity path manipulation vulnerability.

These vulnerabilities affect both 32-bit and 64-bit versions of the NetExtender Windows client and have been resolved in version 10.3.2. SonicWall has confirmed that the Linux version of NetExtender is not impacted.

Malicious NPM Packages Exploit Cryptocurrency and PayPal Users

Threat actors have been publishing malicious NPM packages to steal the information and funds of PayPal and cryptocurrency wallet users.

PayPal Credential Theft via NPM Packages

Fortinet discovered that PayPal users have been targeted with multiple information-stealing packages, likely created in early March by a threat actor operating under the names tommyboy_h1 and tommyboy_h2. The packages carried PayPal-themed names such as oauth2-paypal and buttonfactoryserv-paypal to trick developers into installing them. To evade detection, the malicious code is run from a preinstall hook.
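Because lifecycle hooks run automatically during installation, the practical check is to enumerate every package in a dependency tree that declares one. The script below is an added example, not Fortinet's tooling; it walks a node_modules layout, reads each package's package.json, and reports install-time scripts. The tree it scans is constructed in a temporary directory with placeholder package names that are not the packages named above.

```python
"""Added example (not Fortinet's tooling): list every package in a
node_modules tree that declares an install-time lifecycle script.

Assumptions: packages are laid out as node_modules/<name>/package.json or
node_modules/@scope/<name>/package.json; the sample tree and its package
names are constructed for this demo."""
import json
import os
import tempfile

# npm lifecycle scripts that run without the developer calling them explicitly.
INSTALL_HOOKS = ("preinstall", "install", "postinstall",
                 "preprepare", "prepare", "postprepare")


def _is_package_root(dirpath: str) -> bool:
    """True for node_modules/<name> and node_modules/@scope/<name>; this skips
    package.json files nested deeper inside a package (e.g. ESM sub-folders)."""
    parent = os.path.basename(os.path.dirname(dirpath))
    grand = os.path.basename(os.path.dirname(os.path.dirname(dirpath)))
    return parent == "node_modules" or (parent.startswith("@") and grand == "node_modules")


def find_install_hooks(node_modules: str) -> list:
    """Return one record per declared install hook, sorted by package and hook."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(node_modules):
        if "package.json" not in filenames or not _is_package_root(dirpath):
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            continue                      # unreadable or malformed manifest
        scripts = meta.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            cmd = scripts.get(hook)
            if cmd:
                hits.append({"package": meta.get("name", os.path.relpath(dirpath, node_modules)),
                             "version": meta.get("version", "?"),
                             "hook": hook,
                             "command": cmd})
    return sorted(hits, key=lambda h: (h["package"], h["hook"]))


def build_sample_tree(root: str) -> str:
    """Constructed fixture: two packages without hooks and one with a
    preinstall script. All names are placeholders."""
    packages = {
        "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0",
                         "scripts": {"test": "node test.js"}},
        "@acme/widgets": {"name": "@acme/widgets", "version": "2.3.1"},
        "example-hooked-pkg": {"name": "example-hooked-pkg", "version": "0.0.3",
                               "scripts": {"preinstall": "node setup.js"}},
    }
    for folder, meta in packages.items():
        pkg_dir = os.path.join(root, "node_modules", *folder.split("/"))
        os.makedirs(pkg_dir, exist_ok=True)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(meta, fh)
    return os.path.join(root, "node_modules")


def scan_sample() -> list:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_install_hooks(build_sample_tree(tmp))


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"{hit['package']}@{hit['version']} {hit['hook']}: {hit['command']}")
```

Point `find_install_hooks` at a real project's node_modules to review the hook commands before trusting them; installing with npm's `--ignore-scripts` option and then running this check is a reasonable way to keep unexpected hooks from executing in the first place.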

Cryptocurrency Wallet Hijacking

Users of the cryptocurrency wallet applications Atomic Wallet and Exodus have been targeted with a malicious NPM package designed to hijack fund transfers and divert them to crypto addresses controlled by threat actors. Named pdf-to-office and published in March, the package poses as a library that supports the conversion of PDF files to Microsoft Office documents.

The malicious code was also seen sending a ZIP archive to a remote server, suggesting that it could also harvest sensitive information from an infected system.

Incomplete NVIDIA Patch Leaves CVE-2024-0132 Vulnerable to Container Escapes

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.

The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for unauthorized access to the underlying host.

Recent Data Breaches & Ransomware Attacks

Hackers Breach Morocco’s Social Security Database

  • Hackers have leaked troves of personal data from Morocco's social security agency on Telegram.
  • The attack was reportedly in response to alleged harassment by Morocco against Algeria on social media.

Operations of Sensor Giant Sensata Disrupted by Ransomware Attack

  • Sensata Technologies, a leading sensor manufacturer, reported significant disruptions to its shipping, manufacturing, and other operations due to a recent ransomware attack.
  • The company informed the U.S. Securities and Exchange Commission (SEC) about the incident.

Oracle Faces Mounting Criticism After Data Breach

  • Oracle is facing growing backlash for its delayed and controversial handling of a recent data breach.
  • The company is now notifying customers, having initially denied the breach occurred.

1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative

  • The Laboratory Services Cooperative (LSC) disclosed a breach that compromised the personal and medical data of 1.6 million individuals.
  • The breach took place in October 2024, and affected individuals are being notified.

These incidents highlight the ongoing risks to both personal data and operational continuity in various sectors, stressing the importance of cybersecurity vigilance and timely incident response.