A high-severity security flaw, CVE-2025-3102, impacting OttoKit (formerly SureTriggers) that could allow an attacker to create administrator accounts and gain control of vulnerable websites, has been discovered and is under exploitation. Users are advised to apply updates immediately to protect their WordPress sites. Attackers are creating bogus admin accounts, which have originated from two different IP addresses. The flaw has since been addressed in later versions of the plugin.
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
ASUS has disclosed a critical security flaw (CVE-2025-2492, CVSS score 9.2/10) in routers with AiCloud enabled, which could allow remote attackers to perform unauthorized actions.
