Category: Cyber Security News

The discovery of three improperly issued TLS certificates for 1.1.1.1, the popular public DNS service from Cloudflare, and the Asia Pacific Network Information Centre (APNIC). The certificates, which were issued in May 2025, could allow attackers to intercept and decrypt…

Read more →

Cybersecurity researchers have uncovered a critical vulnerability in the artificial intelligence supply chain that enables attackers to achieve remote code execution across major cloud platforms including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects. The newly…

Read more →

Binance, the world’s largest cryptocurrency exchange by volume, continues to hit new milestones, with regards to the platform’s active user base. For example, Binance recently hit the 275 million registered users milestone. However, where Binance may be really knocking it…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning about a critical vulnerability in SunPower PVS6 solar power devices that could allow attackers to gain complete control over the systems. The flaw, tracked as CVE-2025-9696, stems…

Read more →

Phishing has moved far beyond suspicious links. Today, attackers hide inside the files employees trust most; PDFs. On the surface, they look like invoices, contracts, or reports. But once opened, these documents can trigger hidden scripts, redirect to fake login…

Read more →

Disney Worldwide Services, Inc. and Disney Entertainment Operations LLC have agreed to pay $10 million in a landmark settlement to resolve allegations that they systematically collected personal data from children under 13 in violation of the Children’s Online Privacy Protection…

Read more →

A sophisticated new Python-based information stealer has emerged in the cybersecurity landscape, demonstrating advanced capabilities for data exfiltration through Discord channels. The malware, identified as “Inf0s3c Stealer,” represents a significant evolution in the realm of data theft tools, combining traditional…

Read more →

PagerDuty, a leader in digital operations management, has confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce. The company stated that no PagerDuty platform credentials were compromised and that the breach resulted…

Read more →

Cybersecurity researchers began detecting an alarming surge in early April 2025 in UDP flood traffic emanating from compromised network video recorders (NVRs) and other edge devices. Within milliseconds of infection, these devices were weaponized to direct overwhelming volumes of packets…

Read more →

OpenAI announced today its definitive agreement to acquire Statsig, a product experimentation and analytics platform, for $1.1 billion. The acquisition is a key move by the leader in artificial intelligence. It aims to add strong data tools to its system.…

Read more →

Google has officially promoted Chrome 140 to the stable channel, initiating a multi-platform rollout for Windows, Mac, Linux, Android, and iOS. The update brings the usual stability and performance improvements, but the headline feature is a critical security patch addressing…

Read more →

A stealthy new malware loader dubbed TinyLoader has begun proliferating across Windows environments, exploiting network shares and deceptive shortcut files to compromise systems worldwide. First detected in late August 2025, TinyLoader installs multiple secondary payloads—most notably RedLine Stealer and DCRat—transforming…

Read more →

A proof-of-concept exploit for CVE-2025-53772, a critical remote code execution vulnerability in Microsoft’s IIS Web Deploy (msdeploy) tool, was published this week, raising urgent alarms across the .NET and DevOps communities.  The flaw resides in the unsafe deserialization of HTTP header contents in…

Read more →

CISA has issued an urgent advisory concerning a newly disclosed zero-day vulnerability in Meta Platforms’ WhatsApp messaging service (CVE-2025-55177).  This flaw, categorized under CWE-863: Incorrect Authorization, allows an unauthorized actor to manipulate linked device synchronization messages and force a target…

Read more →

In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices. The bulletin details critical issues in both System and Kernel components,…

Read more →

AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks, allowing adversaries to hijack automated agents and gain unauthorized system access. Security researchers Víctor Mayoral-Vilches & Per Mannermaa Rynning, revealed how modern AI-driven penetration testing frameworks become vulnerable…

Read more →

Threat actors are rapidly weaponizing Hexstrike-AI, a recently released AI-powered offensive security framework, to scan for and exploit zero-day CVEs in under ten minutes.  Originally marketed as an offensive security framework for red teams, Hexstrike-AI’s architecture has already been repurposed…

Read more →

Cloudflare has confirmed a data breach where a sophisticated threat actor accessed and stole customer data from the company’s Salesforce instance. The breach was part of a wider supply chain attack that exploited a vulnerability in the Salesloft Drift chatbot…

Read more →

A sophisticated spear-phishing campaign has emerged targeting senior executives and C-suite personnel across multiple industries, leveraging Microsoft OneDrive as the primary attack vector. The campaign utilizes carefully crafted emails masquerading as internal HR communications about salary amendments to trick high-profile…

Read more →

Google has officially debunked widespread reports claiming the company issued a major security warning to Gmail users, clarifying that such claims are entirely false. The technology giant addressed the misinformation directly on September 1, 2025, emphasizing that no broad security…

Read more →