Security Links
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
#JOURNAL
OCCRP Narcofiles The New Criminal Order

Sparked by a leak of emails from the Colombian prosecutor’s office, NarcoFiles is the largest investigative project on organized crime to originate in Latin America.

https://www.occrp.org/en/narcofiles-the-new-criminal-order/
404media

404 Media is a new independent media company founded by technology journalists Jason Koebler, Emanuel Maiberg, Samantha Cole, and Joseph Cox.

https://www.404media.co/
OCCRP The Pegasas Project

How new surveillance states keep democracy and the public in check.

https://www.occrp.org/en/the-pegasus-project/
ProPublica

ProPublica is an independent, non-profit newsroom that produces investigative journalism in the public interest.

https://www.propublica.org/
Distributed Denial of Secrets

Distributed Denial of Secrets (DDoSecrets) is a journalist 501(c)(3) non-profit publishing and archiving leaks, and devoted to the free transmission of data in the public interest.

https://ddosecrets.com/wiki/Distributed_Denial_of_Secrets
OCCRP Russian Asset Tracker

Introducing a project to track down and catalogue the vast wealth held outside Russia by oligarchs and key figures close to Russian President Vladimir Putin.

https://www.occrp.org/en/asset-tracker/
OCCRP Suisse Secrets

This is the largest ever leak of account data from a major Swiss bank. Here are the stories we found inside.

https://www.occrp.org/en/suisse-secrets/