Quarterly WordPress Threat Intelligence Report – Q4 2025

As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive...

Microsoft SDL: Evolving security practices for an AI-powered world

As AI reshapes the world, organizations encounter unprecedented risks, and security leaders take on new responsibilities. Microsoft’s Secure Development Lifecycle SDL is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has...

Chrome Zero-Day Vulnerability: Are You Protected?

With billions of users, Google Chrome is more than just a browser; it’s a fundamental part of your organization's attack surface. It’s installed on nearly every endpoint, from the C-suite to the intern pool. This ubiquity is precisely what makes a Chrome zero-day vulnerability so uniquely...

ICYMI: Experts on Experts – Season One Roundup

In 2025, we launched Experts on Experts: Commanding Perspectives as a pilot video series designed to spotlight the ideas shaping cybersecurity, directly from the people driving them. Over five episodes, Rapid7 leaders shared short, candid conversations on topics like agentic AI, MDR ROI,...

Meet Moltbook, the Social Platform Where AI Agents Talk and Humans Watch

Moltbook is a new social platform where AI agents post and interact while humans observe, raising questions about autonomy, security, and agent behavior...

Cross-site Scripting (XSS)

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of AI prompt responses. An attacker can execute arbitrary scripts in the context of another user's session by injecting malicious HTML or JavaScrip...

CVE-2025-67849

CVE-2025-67849 affects Moodle with an XSS flaw caused by improper sanitization of AI prompt responses. The vulnerability allows injecting malicious HTML/script into pages viewed by other users, potentially stealing sessions or manipulating the UI. Connected sources (Nessus/NASL, CVE records, OSV/...

CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence GenAI features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of...

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability which is caused due to lack of content security policy. An attacker can exploit the vulnerability to cause unauthorized access...

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ExploitAtlas A full-stack Rust application for CVE intelligen...

Building AI Security Together: New Ways to Partner with Wiz for AI Security in 2026

Enhancing the Wiz Integration Network with a new WIN MCP, developer AI agent, WIN AI security category, and partner AI hackathon...

Scam-checking just got easier: Malwarebytes is now in ChatGPT

If you’ve ever stared at a suspicious text, email, or link and thought “Is this a scam… or am I overthinking it?” Well, you’re not alone. Scams are getting harder to spot, and even savvy internet users get caught off guard. That’s why Malwarebytes is the first cybersecurity provider available...

ctf-skills

ctf-skills Claude Codehttps://docs.anthropic.com/en/docs/c...

security-code-analyzer

security-code-analyzer An...

ZERO_SPLOIT_USB_v6

ZEROSPLOITUSB v6.0: The Singularity Edition The Si...

ROC vs. CTEM: How a Risk Operations Center Evolves Beyond Continuous Threat Exposure Management in 2026

Key Takeaways: The Essentials of ROC vs. CTEM What is a ROC? A risk operations center ROC is a centralized command hub that unifies cyber risk management across security, IT, and compliance. It uses agentic AI to provide a real-time view of business risk, prioritize what matters, and then automat...

The Year in Wiz Research: 2025 Most Read Blogs

A look back at the cloud security investigations and vulnerabilities that defined the year, from AI breakthroughs to supply chain shifts...

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup

A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice DoJ announced Thursday. Linwei Ding aka Leon Ding, 38, was convicted by a federal jury on seven counts of economic...

Human-Centered Explainability in AI-Enhanced UI Security Interfaces: Designing Trustworthy Copilots for Cybersecurity Analysts

Artificial intelligence AI copilots are increasingly integrated into enterprise cybersecurity platforms to assist analysts in threat detection, triage, and remediation. However, the effectiveness of these systems depends not only on the accuracy of underlying models but also on the degree to whic...