A WordPress plugin, PhishWP, is being used by cybercriminals to create fake payment pages that collect sensitive data such as credit card numbers, CVVs and billing addresses from victims. The collected data is relayed to the attackers in real time via Telegram, and is then used for fraudulent transactions or sold on the dark web. The plugin’s ability to convincingly mimic legitimate payment pages and evade detection makes it particularly dangerous.

PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild
A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal

