The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_get_products_shortcode() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVE Database V5

Detailed information about CVE-2025-6744: CWE-94 Improper Control of Generation of Code ('Code Injection') in xTemos Woodmart affecting xTemos Woodmart. Get rea

CVE-2025-6744: CWE-94 Improper Control of Generation of Code ('Code Injection') in xTemos Woodmart - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-6744: CWE-94 Improper Control of Generation of Code ('Code Injection') in xTemos Woodmart

TAG-140 Targets Indian Government Via 'ClickFix-Style' Lure

Source: https://www.darkreading.com/threat-intelligence/tag-140-indian-government-clickfix-lure

The threat identified as TAG-140 is a targeted cyber espionage campaign focusing on the Indian government, utilizing a 'ClickFix-Style' lure to compromise victims. The lure likely mimics or leverages a known vulnerability or social engineering tactic associated with the ClickFix platform or a similarly named service, aiming to deceive government employees into interacting with malicious content. Although specific technical details are sparse, the campaign appears to employ spear-phishing or watering-hole techniques to deliver malware or exploit vulnerabilities, enabling unauthorized access or data exfiltration. The absence of known exploits in the wild suggests this is an emerging threat, possibly in reconnaissance or early deployment stages. The campaign's targeting of government entities indicates a high level of sophistication and intent to gather sensitive information or disrupt governmental operations. The use of a lure resembling a legitimate service increases the likelihood of successful compromise by exploiting user trust and familiarity. Given the high severity rating and the focus on government targets, this threat represents a significant risk to national security and critical infrastructure within the affected region.

Reddit InfoSec News

Detailed information about TAG-140 Targets Indian Government Via 'ClickFix-Style' Lure. Get real-time updates, technical details, and mitigation strategies.

TAG-140 Targets Indian Government Via 'ClickFix-Style' Lure - Live Threat Intelligence - Threat Radar | OffSeq.com

TAG-140 Targets Indian Government Via 'ClickFix-Style' Lure

Reddit Discussion: TAG-140 Targets Indian Government Via 'ClickFix-Style' Lure

Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage

Source: https://www.bleepingcomputer.com/news/security/alleged-chinese-hacker-tied-to-silk-typhoon-arrested-for-cyberespionage/

The reported security threat involves the arrest of an alleged Chinese hacker linked to the Silk Typhoon group, a cyberespionage actor known for conducting sophisticated cyber operations. Silk Typhoon is associated with state-sponsored cyber espionage campaigns targeting government entities, defense contractors, and critical infrastructure organizations globally. Although the specific technical details of the hacker's activities are not provided, Silk Typhoon's operations typically involve advanced persistent threats (APTs) leveraging custom malware, spear-phishing, and exploitation of zero-day vulnerabilities to infiltrate high-value targets and exfiltrate sensitive information. The arrest indicates ongoing law enforcement efforts to disrupt these espionage activities, but it also highlights the persistent threat posed by nation-state actors employing stealthy and targeted cyber intrusions. No direct information about exploited vulnerabilities, affected software versions, or active exploits is available, limiting the ability to assess specific attack vectors. However, the high severity rating underscores the strategic impact of such espionage campaigns on national security and corporate confidentiality.

Detailed information about Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage. Get real-time updates, technical details, and mitigation str

Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage - Live Threat Intelligence - Threat Radar | OffSeq.com

Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage

Reddit Discussion: Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage

New Bert Ransomware Group Strikes Globally with Multiple Variants

Source: https://www.infosecurity-magazine.com/news/bert-ransomware-globally-multiple/

The Bert ransomware group is a newly identified threat actor that has emerged on the global cybersecurity landscape, deploying multiple variants of ransomware malware. Ransomware is a type of malicious software designed to encrypt victims' data, rendering it inaccessible until a ransom is paid, typically in cryptocurrency. The Bert group’s activity is notable for its rapid spread and the diversity of its ransomware variants, suggesting a sophisticated and adaptable operation. While specific technical details about the malware’s infection vectors, encryption algorithms, or command and control infrastructure are not provided, the presence of multiple variants indicates ongoing development and potential evasion techniques to bypass traditional detection mechanisms. The group’s activity was first reported via a trusted cybersecurity news source and discussed minimally on Reddit’s InfoSecNews subreddit, indicating early stages of public awareness but limited detailed intelligence. No known exploits or vulnerabilities have been directly linked to this ransomware yet, and no patches or mitigations specific to Bert ransomware variants have been published. However, the high severity rating reflects the inherent risk ransomware poses due to its potential to disrupt business operations, cause data loss, and lead to significant financial and reputational damage.

Detailed information about New Bert Ransomware Group Strikes Globally with Multiple Variants. Get real-time updates, technical details, and mitigation strategie

New Bert Ransomware Group Strikes Globally with Multiple Variants - Live Threat Intelligence - Threat Radar | OffSeq.com

New Bert Ransomware Group Strikes Globally with Multiple Variants

Reddit Discussion: New Bert Ransomware Group Strikes Globally with Multiple Variants

A vulnerability, which was classified as critical, was found in code-projects Crime Reporting System 1.0. This affects an unknown part of the file /headlogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7172: SQL Injection in code-projects Crime Reporting System affecting code-projects Crime Reporting System. Get real-time up

CVE-2025-7172: SQL Injection in code-projects Crime Reporting System

CVE-2025-7172: SQL Injection in code-projects Crime Reporting System

Description

Technical Details

Related Threats

CVE-2025-6744: CWE-94 Improper Control of Generation of Code ('Code Injection') in xTemos Woodmart

CVE-2025-7171: SQL Injection in code-projects Crime Reporting System

CVE-2025-7170: SQL Injection in code-projects Crime Reporting System

CVE-2025-7169: SQL Injection in code-projects Crime Reporting System

CVE-2025-7168: SQL Injection in code-projects Crime Reporting System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility