SecurityWeek

Karen Serobovich Vardanyan pleaded not guilty to charges related to his alleged role in the Ryuk ransomware operation.

Deployed on mobile devices confiscated by Chinese law enforcement, Massistant can collect user information, files, and location.

An $8 billion class action investors’ lawsuit against Meta stemming from the 2018 privacy scandal involving the Cambridge Analytica political consulting firm.

Four CVEs disclosed at the Pwn2Own Berlin 2025 hacking competition have been patched in VMware products.

Cisco has released patches for multiple vulnerabilities, including a critical flaw in Cisco ISE that leads to remote code execution (RCE).

Oracle’s July 2025 Critical Patch Update contains 309 security patches that address approximately 200 unique CVEs.

More than 1,000 suspects were arrested in raids in at least five provinces between Monday and Wednesday, according to Information Minister Neth Pheaktra and police.

Codenamed Eastwood, the operation targeted the so-called NoName057(16) group, which was identified as being behind a series of DDoS attacks on municipalities and organizations linked to a NATO summit.

Cyberattack disrupted UNFI’s operations in June; company estimates $50–$60 million net income hit but anticipates insurance will cover most losses.

A threat actor that may be financially motivated is targeting SonicWall devices with a backdoor and user-mode rootkit.

Compumedics has been targeted by the VanHelsing ransomware group, which stole files from the company’s systems.

iCOUNTER, which helps organizations defend against targeted attacks, has launched under the helm of former Mandiant president and COO John Watters.

Google refused to share any details on how its Big Sleep AI foiled efforts to exploit a SQLite vulnerability in the wild.

Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.

Cameron John Wagenius pleaded guilty to charges related to hacking into US telecommunications companies.

Italian company Exein has raised €70 million (~$81 million) in a Series C funding round led by Balderton.

Google has released a Chrome 138 security update that patches a zero-day, the fifth resolved in the browser this year.

Obfuscated JavaScript code is embedded within SVG files for browser-native redirection to malicious pages.

Cloudflare has published its quarterly DDoS threat report for Q2 2025 and the company says it has blocked millions of attacks.

Pennsylvania-based Century Support Services is disclosing a data breach after its systems were hacked in November 2024.