Daily Security Review

Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”

29 Oct 2025

Contributed by Lukas

A global smishing campaign of unprecedented scale has been uncovered by Palo Alto Networks, revealing the vast operations of a Chinese-speaking threat...

Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs

29 Oct 2025

Contributed by Lukas

A newly uncovered cyber-espionage operation known as Operation ForumTroll has revealed the resurgence of commercial spyware in state-sponsored surveil...

Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025

28 Oct 2025

Contributed by Lukas

The global ransomware economy is collapsing under growing resistance from its targets. According to new data from cybersecurity firm Coveware, the thi...

Firefox Add-Ons Must Declare Data Collection—or Be Rejected

28 Oct 2025

Contributed by Lukas

Mozilla is taking a decisive step toward transparency and user control by requiring all Firefox extensions to disclose how they collect and handle per...

Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software

28 Oct 2025

Contributed by Lukas

Chainguard, the Kirkland, Washington-based cybersecurity company, has announced a landmark $280 million growth funding round led by General Catalyst’...

$1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk”

28 Oct 2025

Contributed by Lukas

The Pwn2Own Ireland 2025 hacking competition was set to feature one of its most anticipated moments — a $1 million zero-click remote code execution ...

OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw

27 Oct 2025

Contributed by Lukas

A serious vulnerability has been discovered in the OpenAI Atlas omnibox, a hybrid interface designed to handle both URLs and user prompts. Researchers...

Microsoft Rushes Emergency Fix for WSUS Remote Code Execution Flaw (CVE-2025-59287)

27 Oct 2025

Contributed by Lukas

A critical remote code execution (RCE) flaw, tracked as CVE-2025-59287, has put thousands of enterprise networks at risk by exposing the Windows Serve...

Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam

27 Oct 2025

Contributed by Lukas

The launch of Perplexity’s Comet AI browser — a major step forward in AI-assisted browsing — was almost immediately hijacked by cybercriminals. ...

Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push

27 Oct 2025

Contributed by Lukas

A new wave of cyber-espionage attacks reveals North Korea’s deepening effort to steal critical defense technologies from Europe. In a sophisticated ...

Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak

25 Oct 2025

Contributed by Lukas

Toys “R” Us Canada has confirmed a customer data breach after records from its database appeared on the dark web on July 30, 2025, prompting a ful...

Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution

24 Oct 2025

Contributed by Lukas

A dangerous zero-day vulnerability in Kyocera Communications subsidiary Motex’s Lanscope Endpoint Manager has triggered a global cybersecurity alert...

BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws

24 Oct 2025

Contributed by Lukas

The Internet Systems Consortium (ISC) has released a series of critical BIND 9 updates to fix multiple high-severity vulnerabilities affecting DNS res...

Adobe Confirms Active Exploitation of SessionReaper Vulnerability in Commerce Platforms

24 Oct 2025

Contributed by Lukas

A critical new vulnerability is wreaking havoc across the global e-commerce ecosystem. Tracked as CVE-2025-54236 and dubbed SessionReaper, this flaw a...

AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces

24 Oct 2025

Contributed by Lukas

Cybersecurity firm SquareX has unveiled a new and alarming threat to users of AI-enabled browsers — a technique called AI Sidebar Spoofing. This sop...

Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft

24 Oct 2025

Contributed by Lukas

Oregon-based Jewett-Cameron Company, a manufacturer of fencing, kennels, and specialty wood products, has confirmed that it was the victim of a double...

Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot

23 Oct 2025

Contributed by Lukas

The Russian state-sponsored hacking group Star Blizzard — also tracked as ColdRiver, Seaborgium, and UNC4057 — has undergone a major transformatio...

Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents

23 Oct 2025

Contributed by Lukas

San Francisco-based Keycard has officially emerged from stealth mode, announcing $38 million in funding across seed and Series A rounds to build what ...

Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover

23 Oct 2025

Contributed by Lukas

Security researchers are urging immediate action after TP-Link disclosed multiple critical vulnerabilities in its Omada gateway line, affecting a wide...

TARmageddon: The Rust Library Flaw Exposing Supply Chains to Remote Code Execution

23 Oct 2025

Contributed by Lukas

A critical new vulnerability known as TARmageddon (CVE-2025-62518) has sent shockwaves through the Rust developer community and the broader cybersecur...

Vidar 2.0: The C-Rewritten Stealer Poised to Dominate the Cybercrime Market

23 Oct 2025

Contributed by Lukas

A new evolution in information-stealing malware has arrived — and it’s already drawing serious attention from researchers and defenders alike. The...

Dataminr Acquires ThreatConnect for $290M to Create the Next Generation of Tailored Threat Intelligence

22 Oct 2025

Contributed by Lukas

Dataminr, the AI powerhouse known for its real-time risk and event detection platform, has announced plans to acquire ThreatConnect, a cybersecurity f...

Veeam Acquires Securiti AI for $1.725 Billion to Unite Data Resilience, Security, and AI

22 Oct 2025

Contributed by Lukas

In one of the largest cybersecurity acquisitions of 2025, Veeam Software has announced plans to acquire Securiti AI for $1.725 billion in cash and sto...

Defakto Raises $30.75 Million to Redefine Machine Identity Security

22 Oct 2025

Contributed by Lukas

California-based cybersecurity firm Defakto has raised $30.75 million in Series B funding, led by XYZ Venture Capital, bringing its total investment t...

Dr. Allan Friedman Joins NetRise: The Father of SBOMs Goes Private to Fuse AI and Supply Chain Security

22 Oct 2025

Contributed by Lukas

In a landmark move for the cybersecurity industry, Dr. Allan Friedman — often called the Father of SBOMs — has joined supply chain security firm N...

Pwn2Own Automotive 2026: $3 Million Bounty Targets Tesla and EV Infrastructure Flaws

21 Oct 2025

Contributed by Lukas

The upcoming Pwn2Own Automotive 2026 hacking contest, hosted by Trend Micro’s Zero Day Initiative (ZDI), is set to redefine the economics of automot...

China Claims NSA Breached National Time Network, Threatening Finance and Defense Stability

20 Oct 2025

Contributed by Lukas

China’s Ministry of State Security (MSS) has publicly accused the U.S. National Security Agency (NSA) of conducting a multi-year cyber espionage cam...

Cl0p Ransomware Targets Oracle E-Business Suite in Global Data Extortion Spree

20 Oct 2025

Contributed by Lukas

A new wave of Cl0p ransomware attacks has struck organizations worldwide by exploiting vulnerabilities in Oracle’s E-Business Suite (EBS) — a miss...

WhatsApp Wins Landmark Case Against NSO Group Over Spyware Attacks

20 Oct 2025

Contributed by Lukas

After six years of intense litigation, WhatsApp has secured a decisive legal victory against the NSO Group, the controversial spyware maker accused of...

Google Project Zero Exposes Dolby Decoder Flaw Enabling Zero-Click Android Exploits

20 Oct 2025

Contributed by Lukas

A newly discovered vulnerability in Dolby’s Unified Decoder has sent shockwaves through the cybersecurity world. Tracked as CVE-2025-54957, the flaw...

AISLE Launches AI Cyber Reasoning System to Shrink Patch Times from Weeks to Minute

17 Oct 2025

Contributed by Lukas

AISLE has entered the cybersecurity arena with an AI-native Cyber Reasoning System (CRS) built to do what most tools don’t: fix vulnerabilities—fa...

Microsoft Blunts “Vanilla Tempest”: 200 Malicious Certificates Revoked

17 Oct 2025

Contributed by Lukas

In early October 2025, Microsoft executed a targeted disruption against Vanilla Tempest—the threat actor also tracked as Vice Society—after uncove...

The “Shotgun” Botnet: How RondoDox Hijacks Routers, Cameras, and Servers Worldwide

14 Oct 2025

Contributed by Lukas

A new and fast-growing botnet dubbed RondoDox is shaking up the global cybersecurity landscape with its “shotgun” exploitation strategy, targeting...

“Inflation Refund” Scam: How Fraudsters Are Stealing Identities Through Texts

13 Oct 2025

Contributed by Lukas

A widespread smishing campaign is sweeping across New York, luring residents with fraudulent text messages about an “Inflation Refund” from the De...

Juniper Networks Patches 220 Vulnerabilities in Massive October Security Update

13 Oct 2025

Contributed by Lukas

In one of the year’s most extensive patch cycles, Juniper Networks has released its October 2025 security advisories, addressing a staggering 220 vu...

Linked Exploitation Campaigns Target Cisco, Fortinet, and Palo Alto Networks Devices

13 Oct 2025

Contributed by Lukas

Cyber intelligence firm GreyNoise has uncovered what appears to be a coordinated exploitation effort targeting network edge appliances from three majo...

Salesforce Refuses Ransom as Scattered LAPSUS$ Hunters Leak Millions of Records

13 Oct 2025

Contributed by Lukas

A new wave of cyber extortion has rocked the enterprise world as the Scattered LAPSUS$ Hunters—a coalition formed from the notorious Lapsus$, Scatte...

Oneleet Secures $33M Series A to Revolutionize Integrated Cybersecurity

07 Oct 2025

Contributed by Lukas

Amsterdam-based cybersecurity startup Oneleet has raised $33 million in Series A funding, bringing its total capital to $35 million and positioning it...

ParkMobile Data Breach Ends in $32.8M Settlement — and a $1 Payout

06 Oct 2025

Contributed by Lukas

The final chapter in the ParkMobile data breach saga has arrived—nearly four years after the 2021 cyberattack that compromised the personal informat...

Discord Confirms Data Breach Linked to Third-Party Support Vendor

06 Oct 2025

Contributed by Lukas

Discord has confirmed a significant data breach affecting users who interacted with its customer support teams, after hackers compromised a third-part...

Weather Station Gateway Exploited: CISA Adds Meteobridge Bug to KEV List

06 Oct 2025

Contributed by Lukas

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning following confirmation that a command injection vulnerability i...

DrayTek Issues Critical Patch for Router RCE Flaw (CVE-2025-10547)

06 Oct 2025

Contributed by Lukas

A serious unauthenticated remote code execution (RCE) flaw, identified as CVE-2025-10547, has been uncovered in DrayTek’s DrayOS routers. This vulne...

FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps

02 Oct 2025

Contributed by Lukas

The Federal Trade Commission (FTC) has filed a high-profile lawsuit against Sendit, a social media companion app popular among teenagers, and its CEO....

Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174

01 Oct 2025

Contributed by Lukas

Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the cen...

Seven Years, £5.5 Billion, 128,000 Victims – The Case of Yadi Zhang

01 Oct 2025

Contributed by Lukas

In a historic case that has captured global attention, UK authorities have secured a conviction against Zhimin Qian (also known as Yadi Zhang), the Ch...

Cisco ASA/FTD Flaws Under Siege: 50,000 Devices at Risk from Active Exploits

01 Oct 2025

Contributed by Lukas

Two newly disclosed critical vulnerabilities—CVE-2025-20333 and CVE-2025-20362—are wreaking havoc across the global cybersecurity landscape, with ...

MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons

01 Oct 2025

Contributed by Lukas

A new cybercrime toolkit called MatrixPDF is changing the phishing landscape by weaponizing one of the most trusted file formats: PDFs. Marketed on cy...

Asahi Brewery Cyberattack Halts Domestic Operations Across Japan

01 Oct 2025

Contributed by Lukas

Asahi Group Holdings, Ltd.—the brewer behind some of the world’s most iconic beers, including Peroni and Grolsch—has been hit by a crippling cyb...

Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed

30 Sep 2025

Contributed by Lukas

The Akira ransomware group has once again raised the stakes in cybercrime by exploiting a critical SonicWall vulnerability—CVE-2024-40766—to infil...

Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management

30 Sep 2025

Contributed by Lukas

A new cybersecurity startup with an infamous name attached is making headlines. SafeHill—formerly known as Tacticly—has secured $2.6 million in pr...

Jaguar Land Rover Cyberattack Fallout: £1.5B UK Bailout Sparks Fears of More Attacks

30 Sep 2025

Contributed by Lukas

Jaguar Land Rover (JLR), one of the UK’s largest exporters and a key anchor of the nation’s automotive supply chain, has been brought to the brink...

CISA’s Sunset Clause: What Happens if America’s Cyber Threat Shield Expires?

30 Sep 2025

Contributed by Lukas

The Cybersecurity Information Sharing Act (CISA), first enacted in 2015, is facing a critical expiration deadline in September 2025. Without reauthori...

Crypto Theft on macOS: XCSSET Malware Swaps Wallet Addresses in Real Time

30 Sep 2025

Contributed by Lukas

A new and more dangerous variant of the XCSSET macOS malware has been uncovered by Microsoft, revealing an expanded arsenal of capabilities aimed at f...

Nine High-Severity Vulnerabilities Expose Cognex Legacy Cameras to Cyber Threats

29 Sep 2025

Contributed by Lukas

Cybersecurity researchers at Nozomi Networks have uncovered nine high-severity vulnerabilities in several older models of Cognex industrial cameras, i...

Microsoft Cuts Services to Israeli Military Unit After Surveillance Revelations

29 Sep 2025

Contributed by Lukas

Microsoft has taken the unprecedented step of cutting off services to an Israeli military unit after internal and external investigations revealed its...

Ghana, Senegal, Ivory Coast at the Center of Interpol’s Multi-Nation Cybercrime Takedown

29 Sep 2025

Contributed by Lukas

Interpol has announced the results of a sweeping cybercrime operation across 14 African nations, leading to the arrest of 260 individuals behind roman...

Harrods Data Breach Exposes Customer Details in Third-Party Hack

29 Sep 2025

Contributed by Lukas

Britain is facing a troubling wave of cyberattacks that has shaken some of its most high-profile organizations. Harrods, the world-renowned luxury ret...

Steam Game BlockBlasters Turns Malicious, Drains $150K in Crypto

24 Sep 2025

Contributed by Lukas

What happens when a trusted gaming platform becomes a weapon for cybercriminals? That’s exactly what unfolded with BlockBlasters, a free-to-play pla...

Beyond the Inbox: The Rising Threat of Non-Email Phishing Attacks

23 Sep 2025

Contributed by Lukas

Phishing is no longer just an email problem. A new wave of non-email phishing attacks is targeting employees through social media, instant messaging a...

Stellantis Data Breach Exposes Contact Info in Third-Party Provider Attack

23 Sep 2025

Contributed by Lukas

Automotive giant Stellantis, the world’s fifth-largest automaker, has confirmed a data breach affecting its North American customers after attackers...

HoundBytes Launches WorkHorse to Eliminate SOC Tier 1 Bottlenecks

23 Sep 2025

Contributed by Lukas

Cybersecurity firm HoundBytes has officially launched WorkHorse, an automated security analyst designed to solve one of the biggest pain points in mod...

Toronto’s Mycroft Raises $3.5M to Bring AI Security Officers to Startups

23 Sep 2025

Contributed by Lukas

Toronto-based cybersecurity startup Mycroft has stepped out of stealth with a bold promise: to give startups and small-to-midsize businesses (SMBs) th...

FBI Issues Guidance as Fraudsters Pose as IC3 to Extort Victims

23 Sep 2025

Contributed by Lukas

The FBI has issued a warning to the public about a cyber campaign impersonating the Internet Crime Complaint Center (IC3), using spoofed websites to t...

Fraudulent GitHub Repos Spread Atomic Stealer Malware Targeting macOS Users

22 Sep 2025

Contributed by Lukas

A new cyber campaign is actively targeting macOS users with the Atomic Stealer (AMOS) malware, leveraging fake GitHub repositories disguised as legiti...

Netskope’s IPO Raises $908M: SASE Leader Surges 18% on First Trading Day

22 Sep 2025

Contributed by Lukas

Netskope, a California-based cybersecurity firm specializing in secure access service edge (SASE) solutions, has officially gone public in one of the ...

SPLX Exposes AI Exploit: Prompt Injection Tricks ChatGPT Into Solving CAPTCHAs

22 Sep 2025

Contributed by Lukas

A startling new report from AI security platform SPLX reveals how attackers can bypass the built-in guardrails of AI agents like ChatGPT through a sop...

Brussels, Berlin, London Hit Hard as Cyber Disruption Sparks Flight Chaos

22 Sep 2025

Contributed by Lukas

A cyberattack on Collins Aerospace, a U.S.-based provider of passenger check-in and baggage handling software, plunged major European airports into ch...

Novakon Ignored Security Reports on ICS Weaknesses, Leaving 40,000+ Devices Exposed

20 Sep 2025

Contributed by Lukas

A new security report has revealed serious, unpatched vulnerabilities in industrial control system (ICS) products manufactured by Novakon, a Taiwan-ba...

RevengeHotels Cybercrime Group Adopts AI and VenomRAT in Hotel Credit Card Theft Campaign

19 Sep 2025

Contributed by Lukas

The cybercrime group known as RevengeHotels, also tracked as TA558, has launched a new wave of attacks against the hospitality sector, evolving its ta...

ShadowLeak: Server-Side Data Theft Attack Discovered Against ChatGPT Deep Research

19 Sep 2025

Contributed by Lukas

A groundbreaking new cyberattack dubbed ShadowLeak has been uncovered targeting ChatGPT’s Deep Research capability, marking a dangerous escalation i...

WatchGuard Firebox Vulnerability Could Let Hackers Take Over Networks

19 Sep 2025

Contributed by Lukas

A new critical vulnerability, CVE-2025-9242, has been discovered in WatchGuard Firebox firewalls, putting thousands of networks worldwide at risk. The...

How SystemBC’s 1,500 Infected VPS Servers Fuel Ransomware and Fraud

19 Sep 2025

Contributed by Lukas

The SystemBC proxy botnet has quietly become one of the most persistent pillars of the cybercrime ecosystem. First detected in 2019, SystemBC is less ...

Tiffany & Co. Data Breach Exposes Gift Card Details of 2,500+ Customers

18 Sep 2025

Contributed by Lukas

Tiffany and Company, the iconic luxury jeweler under the LVMH umbrella, has confirmed a serious data breach impacting over 2,500 customers across the ...

Lakera’s Gandalf Network Joins Check Point in $300M AI Security Deal

18 Sep 2025

Contributed by Lukas

In a major strategic move, Check Point Software Technologies has announced the acquisition of Lakera, a Zurich and San Francisco–based AI security f...

Shai-Hulud Exposes Fragility of the Open-Source Software Supply Chain

17 Sep 2025

Contributed by Lukas

A major supply chain attack is underway in the npm ecosystem. Dubbed Shai-Hulud, this worm-style campaign began with the compromise of the popular @ct...

ChatGPT Calendar Vulnerability Exposes User Emails in New AI Attack

17 Sep 2025

Contributed by Lukas

A critical vulnerability has been uncovered in ChatGPT’s new calendar integration, exposing how attackers could exfiltrate sensitive user data—par...

CrowdStrike Acquires Pangea to Launch AI Detection and Response (AIDR)

17 Sep 2025

Contributed by Lukas

At Fal.Con 2025, CrowdStrike announced one of its boldest moves yet: the acquisition of AI security startup Pangea. The deal signals CrowdStrike’s i...

RaccoonO365: $100K Phishing-as-a-Service Scheme Taken Down

17 Sep 2025

Contributed by Lukas

Microsoft and Cloudflare have successfully dismantled RaccoonO365, a global phishing-as-a-service (PhaaS) operation that had been running for over a y...

AI-Generated Phishing and Deepfakes Supercharge Social Engineering Attacks

17 Sep 2025

Contributed by Lukas

Social engineering has reclaimed center stage as today’s most reliable intrusion vector—and it’s not just email anymore. Recent warnings from la...

Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds

16 Sep 2025

Contributed by Lukas

The infamous Rowhammer vulnerability, long thought to be contained by new DRAM protections, has resurfaced with devastating force. Academic researcher...

Silent Push Raises $10M Series B to Expand Threat Intelligence Platform

16 Sep 2025

Contributed by Lukas

Cybercriminals aren’t just breaking in—they’re borrowing your brand to do it. This episode dives into the critical intersection of brand protect...

Google Accused of Shadow Lobbying Against California Privacy Opt-Out Law

16 Sep 2025

Contributed by Lukas

California’s Assembly Bill 566 (AB 566) has become one of the most hotly contested pieces of privacy legislation in the country. The bill would requ...

FinWise Bank Data Breach Exposes 700K Customers Amid Predatory Lending Allegations

16 Sep 2025

Contributed by Lukas

FinWise Bank is facing a double crisis—one of data security and another of public trust. Nearly 700,000 customers of American First Finance (AFF), a...

The “s1ngularity” Attack: How Hackers Hijacked Nx and Leaked Thousands of Repositories

09 Sep 2025

Contributed by Lukas

In late August 2025, the open-source software ecosystem was rocked by a sophisticated two-phase supply chain attack, now known as “s1ngularity.” T...

Canadian Investment Giant Wealthsimple Hit by Vendor Compromise

08 Sep 2025

Contributed by Lukas

Wealthsimple, one of Canada’s largest online investment platforms, has confirmed a data breach that exposed the sensitive information of fewer than ...

FireCompass Raises $20M to Scale AI-Powered Offensive Security

08 Sep 2025

Contributed by Lukas

In a year when cybercrime is projected to cost the world over $10.5 trillion, FireCompass has emerged as one of the most closely watched AI-driven cyb...

CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems

08 Sep 2025

Contributed by Lukas

A newly uncovered critical vulnerability, tracked as CVE-2025-42957, is sending shockwaves through the enterprise technology world. Affecting all SAP ...

Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto

08 Sep 2025

Contributed by Lukas

North Korean cybercriminals have escalated their social engineering operations, deploying a wave of sophisticated campaigns designed to infiltrate cry...

Cato Networks Acquires Aim Security to Bolster AI Defense in SASE

05 Sep 2025

Contributed by Lukas

Cato Networks, a leader in Secure Access Service Edge (SASE), has made its first acquisition, purchasing Aim Security, an AI security startup founded ...

Tidal Cyber Secures $10M to Advance Threat-Informed Defense

04 Sep 2025

Contributed by Lukas

Cybersecurity startup Tidal Cyber, founded in 2022 by three former MITRE experts, has raised $10 million in Series A funding, bringing its total capit...

Disney Fined $10M for COPPA Violations Over Mislabeling Kids’ Content on YouTube

04 Sep 2025

Contributed by Lukas

Disney has reached a $10 million settlement with the U.S. Federal Trade Commission (FTC) after being found in violation of the Children’s Online Pri...

Google Patches 111 Android Flaws in September 2025, Including Two Zero-Days Under Attack

04 Sep 2025

Contributed by Lukas

Google has released its September 2025 Android security patches, addressing a staggering 111 unique vulnerabilities, including two actively exploited ...

Google Warns of Sitecore Zero-Day: ViewState Deserialization Under Fire

04 Sep 2025

Contributed by Lukas

A critical zero-day vulnerability, CVE-2025-53690, is being actively exploited in the wild, targeting Sitecore Experience Manager (XM) and Experience ...

Brokewell Malware Targets Android Users via Fake TradingView Ads on Meta

03 Sep 2025

Contributed by Lukas

A new and highly sophisticated Android malware campaign, dubbed Brokewell, has emerged as one of the most dangerous mobile threats of 2024–2025. Fir...

Von der Leyen and Shapps Flights Hit by Suspected Russian Electronic Warfare

02 Sep 2025

Contributed by Lukas

Aviation safety and geopolitics collided when multiple flights carrying high-ranking European and UK officials were hit by suspected Russian GPS jammi...

Salesforce and Google Workspace Compromised in Largest SaaS Breach

02 Sep 2025

Contributed by Lukas

In August 2025, the largest SaaS breach of the year shook the enterprise world when a newly identified threat actor, UNC6395, orchestrated a supply-ch...

Chained Zero-Days: WhatsApp and Apple Exploits Used in Sophisticated Spyware Attacks

02 Sep 2025

Contributed by Lukas

A pair of newly discovered zero-day vulnerabilities—CVE-2025-43300 in Apple’s ImageIO framework and CVE-2025-55177 in WhatsApp—have been confirm...

Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike

29 Aug 2025

Contributed by Lukas

Sweden is reeling from one of the largest public sector cyber incidents in its history. A ransomware attack on Miljödata, an IT services provider sup...

PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime

29 Aug 2025

Contributed by Lukas

The cybersecurity world has entered a new era: AI-powered ransomware. Researchers recently uncovered PromptLock, a proof-of-concept malware that uses ...

Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware

28 Aug 2025

Contributed by Lukas

The 2025 Purple Knight Report paints a stark picture of enterprise identity security: the average security assessment score for hybrid Active Director...