This episode covers the week's biggest cybersecurity stories. A widespread campaign is exploiting critical, outdated vulnerabilities in WordPress plugins GutenKit and Hunk Companion, with millions of attacks already blocked. Microsoft has issued emergency out-of-band patches to fix a critical, potentially wormable remote code execution flaw in Windows Server Update Service (WSUS) after a proof-of-concept exploit was made public.

Amazon explains its massive AWS outage, tracing the 14-hour incident back to a major DNS failure in its DynamoDB infrastructure. We also look at the "YouTube Ghost Network," a malicious operation using over 3,000 videos on hacked channels to distribute stealer malware disguised as game cheats and pirated software.

Plus, a breakdown of the "Smishing Triad," a China-linked group behind 194,000 malicious domains used for global phishing scams , and a new infostealer built from the RedTiger tool that targets Discord accounts and payment data. Finally, a recap of Pwn2Own Ireland 2025, where hackers earned over $1 million for finding 73 zero-day vulnerabilities.

bleepingcomputer.com

https://thehackernews.com