WordPress Joins the Firewall Club: Critical King Addons Flaw Lets Attackers Crown Themselves Admin
Frank Marano

Oh WordPress… while you’re not a firewall, you sure seem to belong in the same club as Fortinet and SonicWall — always making headlines for vulnerabilities that attackers can’t resist exploiting. It really comes as no surprise that you’re in the news again.

This time, the spotlight is on CVE‑2025‑8489, a critical‑severity privilege escalation vulnerability in the King Addons for Elementor plugin. Attackers are actively exploiting this flaw to obtain administrative permissions during the registration process, effectively handing themselves the keys to the kingdom.

Android Users, It’s Update O’Clock: Google Patches 107 Security Flaws
Frank Marano

Alright everyone, an important public service announcement — but this one’s for those in green bubble land.

Don’t worry, iPhone users can keep sipping their lattes. But if you’re rocking an Android device, it’s time to pay attention. Google has just released its December 2025 security bulletin, patching a staggering 107 vulnerabilities across multiple components. Some of these flaws are already being exploited in the wild, which means attackers aren’t waiting around for you to hit “update.”

🎄 Cybersecurity Safety During the Holidays: Protecting Yourself and Your Business
Frank Marano

The holiday season is a time of joy, generosity, and celebration. But while we’re busy shopping online, booking travel, and donating to charities, cybercriminals are equally busy looking for ways to exploit the festive rush. Every year, we see a spike in phishing scams, fake websites, and fraudulent deals designed to trick distracted consumers. Staying vigilant is more important than ever — because one careless click could turn holiday cheer into holiday chaos.

Microsoft Flexes Its Proactive Muscles: Entra ID Sign‑Ins Get Stronger Protection Against Script Injection Attacks
Frank Marano

When it comes to identity and access management, Microsoft continues to show that proactive security is more than just a slogan — it’s a strategy. Microsoft is flexing its proactive muscles again by enhancing the Entra ID authentication system with a strengthened Content Security Policy (CSP) designed to block external script injection attacks. This update is not just another incremental tweak; it’s a meaningful step forward in protecting users against one of the most persistent threats in web security: cross‑site scripting (XSS) and malicious script injection.

SonicWall’s Latest SSLVPN Flaw Raises Questions About Cheap Firewall Reliability
Frank Marano

SonicWall has disclosed a critical SonicOS SSLVPN vulnerability that can crash firewalls outright, raising fresh concerns about the reliability of budget firewall solutions. While there’s no evidence of active exploitation yet, the company is urging customers to patch immediately or disable SSLVPN until updates can be applied. This flaw is just the latest in a string of incidents that have put SonicWall in the headlines. And when you zoom out, a troubling pattern emerges: SonicWall and Fortinet — two of the most popular “affordable” firewall vendors — seem to be trading places in the news cycle, each grappling with vulnerabilities that undermine trust in their products.
