Security news.
Today's security news highlights critical vulnerabilities and active exploitation, with CISA adding a new F5 BIG-IP APM flaw to its KEV catalog. Additionally, Iranian-linked threat actors are making headlines for high-profile breaches and wiper attacks, while new macOS infostealers and WordPress plugin vulnerabilities pose ongoing threats.
File Read Flaw in Smart Slider Plugin Impacts 500K WordPress Sites
A vulnerability in the Smart Slider 3 WordPress plugin, active on over 800,000 websites, allows subscriber-level users to access arbitrary files on the server.
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors tied to Iran breached the personal email of FBI Director Kash Patel, leaking documents, and also claimed a wiper attack against medical technology firm Stryker.
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
A critical memory overread flaw, CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway is experiencing active reconnaissance, potentially leading to sensitive information leakage.
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
CISA has added CVE-2025-53521, a critical F5 BIG-IP Access Policy Manager (APM) vulnerability allowing remote code execution, to its Known Exploited Vulnerabilities catalog due to active exploitation.
New Infinity Stealer Malware Grabs macOS Data via ClickFix Lures
A new info-stealing malware, Infinity Stealer, is targeting macOS systems through ClickFix lures and a Python payload packaged as an executable.
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint reports that Russian state-sponsored threat group TA446 is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices.
Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV Audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index, distributing malicious versions that deliver credential-stealing malware concealed within WAV files.
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple is issuing Lock Screen notifications to users with outdated iOS/iPadOS versions, urging them to update due to active web-based attacks.