SecurityWeek

Noteworthy stories that might have slipped under the radar: FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took office.

The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025.

Data security firm MIND has raised $30 million in Series A funding to expand its R&D and go-to-market teams.

A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.

Cisco has released patches for a critical vulnerability impacting cloud deployments of Identity Services Engine (ISE).

An HPE StoreOnce vulnerability allows attackers to bypass authentication, potentially leading to remote code execution.

A reward is being offered for Maxim Alexandrovich Rudometov, who is accused of developing and managing the RedLine malware.

Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.

A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters.

Cellebrite and Corellium, whose names have been mentioned in spyware stories, are joining forces to provide advanced investigative solutions.

Sagar Steven Singh and Nicholas Ceraolo, members of the Vile group, get prison sentences for identity theft and hacking.

Researchers have discovered and analyzed a ClickFix attack that uses a fake Cloudflare ‘humanness’ check.

Play ransomware attacks have hit roughly 900 organizations and recently involved the exploitation of SimpleHelp vulnerabilities.

Authorities seized 145 domains associated with BidenCash, a marketplace for stolen credit cards and personal information.

Lee Enterprises has completed its investigation into the recent ransomware attack and confirmed that a data breach occurred.

The Interlock ransomware group has leaked data allegedly stolen from Kettering Health in a recent cyberattack.

China issued warrants for 20 Taiwanese people it said carried out hacking missions in the Chinese mainland on behalf of the island’s ruling party.

Germany fined Vodafone $51 million for failing to protect user data from partners and unauthorized third-parties.

A financially motivated threat actor employing vishing to compromise Salesforce customers, and extort them.

AI is transforming the cybersecurity landscape—empowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind.