Ionut Arghire

The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names.

Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls.

The ransomware attack on the pathology services provider disrupted operations at several London hospitals.

Amazon has seen a threat actor exploiting CVE-2025-20337 and CVE-2025-5777, two critical Cisco and Citrix vulnerabilities, as zero-days.

Google and Mozilla have released fresh Chrome and Firefox updates that address multiple high-severity security defects.

The cybersecurity startup will use the investment to accelerate global expansion and product innovation.

Ivanti and Zoom resolved security defects that could lead to arbitrary file writes, elevation of privilege, code execution, and information disclosure.

Researchers submitted 107 bug reports during the bugSWAT hacking event at the ESCAL8 conference in New Mexico.

A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools.

Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users.

Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments.

Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication.

OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications.

Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well.

Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions.

Australia mirrored the US’s recent sanctions against bankers, financial institutions, and others allegedly involved in laundering funds for North Korea.

The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks.

An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution.

Multiple state-sponsored Russian groups are targeting Ukrainian entities and European countries linked to Ukraine.

Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million).