Critical WordPress flaw CVE-2025–5947 exploited in 13,800 attacks lets hackers hijack Service Finder sites.
Category: security
Computer advances and ‘invisibility cloak’ vie for physics Nobel
A math theory powering computer image compression, an “invisibility cloak” or the science behind the James Webb Space Telescope are some achievements that could be honored when the Nobel physics prize is awarded Tuesday.
The award, to be announced at 11:45 am (0945 GMT) in Stockholm, is the second Nobel of the season, after the Medicine Prize was awarded on Monday to a US-Japanese trio for research into the human immune system.
Mary Brunkow and Fred Ramsdell, of the United States, and Japan’s Shimon Sakaguchi were recognized by the Nobel jury for identifying immunological “security guards”
IDs of Some Discord Users Appealing Age Determination Have Been Leaked
As stated in Discord’s official statement addressing the breach, an “unauthorized party” compromised one of the platform’s third-party customer service providers, accessing information from a limited number of users who had contacted Discord’s Customer Support or Trust & Safety teams.
Due to this attack, the unnamed intruders obtained a number of government ID images, including driver’s licenses and passports, from some of the users who had appealed an age determination. In addition, the breach also resulted in the exposure of names, Discord usernames, emails, the last four digits of credit card numbers, purchase histories (if linked to the account), IP addresses, and messages with Discord’s customer service agents for some users.
The platform also clarified that more sensitive information, such as full credit card numbers or CVV codes, messages or activity on Discord outside of customer support interactions, and passwords or authentication data, was not impacted.
New EDR-Freeze tool uses Windows WER to suspend security software
A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft’s Windows Error Reporting (WER) system.
The technique eliminates the need of a vulnerable driver and puts security agents like endpoint detection and response (EDR) tools into a state of hibernation.
By using the WER framework together with the MiniDumpWriteDump API, security researcher TwoSevenOneThree (Zero Salarium) found a way to suspend indefinitely the activity of EDR and antivirus processes indefinitely.
