The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered flaw in the Windows SMB component to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-33073, stems from an...
The Paragon investigation continues to gain momentum, as prosecutors in Rome and Naples intensify their questioning of officials from Italy’s intelligence services in an effort to reconstruct the chain of events that led to...
The American electronics distributor Avnet has confirmed a data breach, but stated that the stolen information cannot be read without the company’s proprietary internal tools. In a statement to BleepingComputer, an Avnet representative reported...
Recent posts on the Telegram channel “SLSH 6.0” have enabled researchers from Unit 42 to trace the continued operations of the Scattered LAPSUS$ Hunters group — participants in an expanding digital extortion scheme linked...
Security researchers at Socket have uncovered a large-scale spam campaign orchestrated through WhatsApp Web, revealing 131 Chrome extensions that are, in essence, variants of a single mass-messaging automation tool. Disguised as legitimate utilities for...
A critical vulnerability in the WatchGuard Fireware operating system allows attackers to execute arbitrary code on affected devices without prior authentication. The flaw impacts VPN services using the IKEv2 protocol, both for mobile user...
Hackers have unleashed a new self-propagating malware dubbed GlassWorm, which first infiltrated the Visual Studio Code extension ecosystem via the OpenVSX marketplace. Researchers at Koi Security found that the worm conceals malicious code using...
For the first time, the U.S. Department of Homeland Security has formally demanded that OpenAI disclose the identity of a ChatGPT user whose prompts appeared in a child pornography investigation. The warrant—issued to agents...
Across the Asia-Pacific region and Japan, a new breed of cybercrime is taking shape—one where attackers operate as structured business entities, guided by clear strategies and profit-driven motives. According to the CrowdStrike 2025 APJ...
The Japanese company Ryohin Keikaku, owner of the Muji brand, has suspended operations of its online store following a cyberattack on its logistics partner, Askul Corp. According to Ryohin Keikaku, the decision was made...
Developers using the Cursor and Windsurf IDEs are currently exposed to exploitation through at least 94 known vulnerabilities in Chromium and its JavaScript engine, V8. Both environments are built on outdated versions of Electron...
In early 2025, a developer named Jay Gibson (name changed for security reasons) received a chilling notification on his personal iPhone: Apple had warned him that his device had been the target of a...
