UK Faces Russian Cyberattack Crisis Today


Welcome to today’s cybersecurity briefing – your daily insight into the ever-evolving digital threat landscape. In recent updates, Britain has been thrust into the crosshairs as MI5 warns of sustained Russian cyberattacks, making the UK a central battleground in the emerging cyber conflict. Let’s take a closer look at the latest vulnerabilities and incidents, from critical WordPress plugin flaws to network software hazards affecting organisations worldwide.

UK in Focus: Russian Cyberattacks and MI5 Alerts

Recent reports indicate that Britain is now considered ground zero for Russian cyberattacks, with MI5 cautioning against a series of persistent threats. As cyber adversaries target both public bodies and private enterprises, staying ahead of these sophisticated attacks is essential. Such warnings remind us that robust security measures and thorough compliance – a speciality for consultants like Synergos Consultancy based in Huddersfield – remain imperative.

WordPress Vulnerabilities Under the Microscope

CVE-2025-7444: LoginPress Pro Authentication Bypass

The LoginPress Pro plugin for WordPress, in all versions up to and including 5.0.1, is facing a critical authentication bypass vulnerability. Due to insufficient verification of social login tokens, attackers can impersonate any user – even administrators – if they manage to access the associated email.

CVE-2025-7643: Attachment Manager Remote File Deletion

An arbitrary file deletion flaw in the Attachment Manager plugin (versions up to 2.1.2) has been rated critical. The vulnerability can allow unauthenticated attackers to delete key files on a server, potentially enabling remote code execution.

CVE-2025-6718: B1.lt SQL Injection

The B1.lt WordPress plugin has a SQL injection vulnerability, stemming from a missing capability check in its b1_run_query AJAX action. Even users with only Subscriber-level access might be able to run arbitrary SQL commands, making this a high-severity risk.
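As an added illustration of the bug class described above (a hypothetical handler, not the B1.lt plugin's code), the first handler below executes caller-supplied SQL with no authorisation, while the second verifies a nonce, requires an administrative capability and only runs a whitelisted, parameterised query; all action and function names are assumed.

```php
<?php
// Added example: hypothetical WordPress plugin AJAX handlers, not the B1.lt plugin's code.
// Every logged-in user, Subscribers included, can reach wp_ajax_* callbacks,
// so authorisation has to be enforced inside the callback itself.

// VULNERABLE: no nonce check, no capability check, raw SQL taken from the request.
add_action( 'wp_ajax_demo_run_query', 'demo_run_query_unsafe' );
function demo_run_query_unsafe() {
    global $wpdb;
    $sql = isset( $_POST['query'] ) ? wp_unslash( $_POST['query'] ) : '';
    wp_send_json( $wpdb->get_results( $sql ) ); // any Subscriber can run arbitrary SQL
}

// HARDENED: verify the nonce, require an admin capability, and never execute
// caller-supplied SQL; accept only a whitelisted report name and bind parameters.
add_action( 'wp_ajax_demo_run_report', 'demo_run_report_safe' );
function demo_run_report_safe() {
    global $wpdb;
    check_ajax_referer( 'demo_report_nonce', 'nonce' );   // dies on a missing or bad nonce
    if ( ! current_user_can( 'manage_options' ) ) {       // Subscribers are stopped here
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    $allowed = array(
        'recent_posts' => "SELECT ID, post_title FROM {$wpdb->posts}
                           WHERE post_status = %s ORDER BY post_date DESC LIMIT %d",
    );
    $report = isset( $_POST['report'] ) ? sanitize_key( $_POST['report'] ) : '';
    if ( ! isset( $allowed[ $report ] ) ) {
        wp_send_json_error( array( 'message' => 'unknown report' ), 400 );
    }
    $limit = isset( $_POST['limit'] ) ? absint( $_POST['limit'] ) : 10;
    $rows  = $wpdb->get_results(
        $wpdb->prepare( $allowed[ $report ], 'publish', min( $limit, 100 ) )
    );
    wp_send_json_success( $rows );
}
```

The nonce alone is not an authorisation control; the capability check is what keeps Subscriber-level accounts out.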

CVE-2025-6222: WooCommerce Refund and Exchange Arbitrary File Upload

This vulnerability affects the WooCommerce Refund And Exchange with RMA – Warranty Management theme, where missing file type validation allows unauthenticated attackers to upload malicious files. The potential exists for remote code execution, with the severity rated as critical.

CVE-2025-6813: aapanel WP Toolkit Privilege Escalation

A flaw in the auto_login() function of the aapanel WP Toolkit plugin permits authenticated users (from Subscriber level upward) to bypass role checks and obtain full administrative rights. This issue carries a high severity rating, reminding site administrators to verify plugin updates regularly.

CVE-2025-3740: WordPress School Management System Local File Inclusion

A Local File Inclusion vulnerability in the School Management System for WordPress (up to version 93.1.0) enables attackers to include and execute files remotely. Not only can this lead to code execution, but chaining exploits can also facilitate privilege escalation in multisite environments.

Other Software and Network Vulnerabilities

BIND 9: Exposing Cache Poisoning and DoS Risks

Organisations worldwide are at risk due to two critical vulnerabilities found in the BIND 9 DNS resolver software. Attackers could exploit these flaws to carry out cache poisoning and denial-of-service attacks, which could disrupt essential network functions.

Signal App Clone: Actively Exploited for Password Theft

A critical vulnerability in the TeleMessageTM SGNL – a Signal app clone – is currently under active exploitation. Cybercriminals are leveraging the flaw to steal passwords and sensitive information, especially from government agencies and large enterprises.

CitrixBleed 2: Pre-Empting Public Exploits

A severe Citrix NetScaler weakness, tracked as CVE-2025-5777 and nicknamed “CitrixBleed 2,” was exploited nearly two weeks before proof-of-concept exploits were released. Despite initial claims of no evidence for active attacks, the early exploitation underscores the speed at which vulnerabilities can be weaponised.

CVE-2025-7762 and CVE-2025-7758: Buffer Overflow Concerns

Two devices are currently in the spotlight: the D-Link DI-8100 (CVE-2025-7762) and TOTOLINK T6 (CVE-2025-7758) both suffer from critical buffer overflow vulnerabilities within their HTTP request handlers. These flaws, which can be triggered remotely, could lead to uncontrolled code execution on the target systems.

Disruptions in the Utility Sector

A cyber attack on Nova Scotia Power, a Canadian electric utility, resulted in the disconnection of power meters – hindering accurate billing. This incident highlights the real-world impact cyberattacks can have on critical infrastructure.

VMware ESXi Zero-Day Fixes After Pwn2Own Berlin

Following revelations at the Pwn2Own Berlin 2025 hacking contest, VMware promptly fixed four zero-day vulnerabilities affecting ESXi, Workstation, Fusion, and Tools. Such rapid remediation underscores the importance of staying updated with vendor security patches.

CVE-2025-7433: Sophos Intercept X Local Privilege Escalation

A vulnerability in Sophos Intercept X for Windows allows for local privilege escalation, potentially enabling the execution of arbitrary code. This issue emphasises the need to update security software proactively, a message echoed by many industry experts.

CVE-2025-53964: GoldenDict Uncontrolled File Modification

GoldenDict versions 1.5.0 and 1.5.1 contain an exposed method that attackers can exploit to modify files. The severity of this vulnerability is high due to potential unauthorised changes, which might compromise system integrity.

CVE-2025-23266 and CVE-2025-23267: NVIDIA Container Toolkit Vulnerabilities

Two vulnerabilities in the NVIDIA Container Toolkit affect all platforms. The first (CVE-2025-23266) allows privilege escalation, while the second (CVE-2025-23267) could enable link following resulting in data tampering and denial of service. Both issues are critical and highlight risks in container environments.

Chinese State-Sponsored Attacks on the Semiconductor Industry

Amid rising geopolitical tensions, China-backed threat actors have been targeting Taiwan’s semiconductor industry. Using tools like Cobalt Strike and phishing campaigns, these hackers aim to pilfer technology, underscoring the transnational nature of cyber espionage.

CVE-2024-13972: Intercept X for Windows Registry Vulnerability

Prior to version 2024.3.2, a vulnerability in the Intercept X for Windows updater could allow a local user to gain SYSTEM-level privileges by exploiting registry misconfigurations. The issue is rated high, and updating promptly is essential.

CVE-2025-7747: Tenda POST Request Handler Buffer Overflow

A critical flaw identified in the Tenda FH451 leads to a buffer overflow via manipulation of a POST parameter. With disclosed exploit details now public, this vulnerability must be patched without delay.

Emerging Threats: Backdoor Exploits and Malicious Repositories

In a couple of notable developments, hackers are reportedly exploiting backdoors in SonicWall Secure Mobile Access to steal credentials, and malicious GitHub repositories have been identified hosting Amadey malware alongside data stealer payloads. Such tactics serve as a reminder that the threat landscape is multifaceted and continually evolving.

CVE-2025-25257 and Cisco ISE Bugs

Lastly, a critical SQL injection vulnerability in Fortinet FortiWeb (CVE-2025-25257) and a pre-authentication command execution bug in Cisco’s Identity Services Engine (CVE-2025-20337) have both emerged. These flaws could allow unauthorised code execution, making timely updates a priority for affected systems.

Looking Ahead

The cyber threat arena continues to advance in complexity and scope. From the frontline warnings issued by MI5 to the intricate vulnerabilities across popular platforms and network systems, businesses must remain vigilant. Whether safeguarding a WordPress site or protecting critical national infrastructure, action today can prevent major incidents tomorrow.

At Synergos Consultancy, we understand that compliance and robust security go hand in hand. As organisations look to enhance their cybersecurity posture, comprehensive guidance on ISO certifications, Health & Safety management, and more can provide the essential backbone for digital resilience. Stay informed, stay secure – and perhaps keep that jumper handy, just in case!


Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.