ALERT

ACTIVE THREATS: Chrome zero-day CVE-2025-0971 under active exploitation — update immediately  •  CISA ED-25-02: Ivanti Connect Secure emergency directive issued  •  VoltZite ransomware targeting North American power grid operators

HACKWIRE
Featured Story

Malware · MEDIUM

New 'Zombie ZIP' technique lets malware slip past security tools

A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. [...]

via BleepingComputer

Latest Stories

Malware · MEDIUM

New BeatBanker Android malware poses as Starlink app to hijack devices

A new Android malware named BeatBanker can hijack devices and trick users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. [...]

via BleepingComputer

Vulnerabilities · MEDIUM

New ‘BlackSanta’ EDR killer spotted targeting HR departments

For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. [...]

via BleepingComputer

Breaches · CRITICAL

MediSecure Health Network Exposes 14 Million Patient Records in Catastrophic Data Breach

A ransomware-linked breach at MediSecure Health Network has exposed the personal health information of over 14 million patients across 38 US states. The attack, attributed to the BlackSuit ransomware group, compromised EHR databases containing Social Security numbers, diagnoses, and insurance data.

via BleepingComputer

Ransomware · CRITICAL

VoltZite Ransomware Targets Power Grid Operators Across North America in Coordinated Campaign

A sophisticated ransomware campaign dubbed VoltZite is actively targeting electric utility operators across the US and Canada, exploiting unpatched OT/SCADA vulnerabilities. Three utilities have confirmed operational disruptions, and CISA has issued an emergency advisory urging immediate action.

via Dragos

Vulnerabilities · CRITICAL

Google Patches Actively Exploited Chrome Zero-Day in V8 Engine — Update Now

Google has released an emergency Chrome update addressing CVE-2025-0971, a type confusion vulnerability in the V8 JavaScript engine being actively exploited in the wild. The flaw allows remote code execution with no user interaction beyond visiting a malicious web page.

via Google Security Blog

Policy · CRITICAL

CISA Issues Emergency Directive ED-25-02: Ivanti Connect Secure Exploitation Ongoing

The Cybersecurity and Infrastructure Security Agency has issued Emergency Directive ED-25-02, ordering all federal civilian agencies to immediately disconnect or apply mitigations to Ivanti Connect Secure and Policy Secure appliances amid confirmed exploitation by multiple threat actors.

via CISA

Malware · HIGH

AI-Generated Phishing Campaigns Achieve 60% Higher Click Rates Than Human-Written Lures

New research from Proofpoint and Hoxhunt reveals that AI-generated spear-phishing emails now outperform human-crafted attacks by 60% in click-through rates. The campaigns leverage real-time OSINT data to generate hyper-personalized lures at industrial scale.

via Proofpoint

Breaches · HIGH

2.1 Billion Records Exposed in AWS S3 Misconfiguration Sweep Conducted by Security Researcher

Security researcher Jeremiah Fowler has discovered and responsibly disclosed a series of misconfigured AWS S3 buckets exposing over 2.1 billion records across hundreds of companies. The data includes customer PII, API keys, internal source code, and HR records.

via VPNMentor

Tools

Nuclei v3.4 Released: Community Adds 2,400 New Templates Including Cloud and AI Attack Surface Coverage

ProjectDiscovery has released Nuclei v3.4, a major update to the open-source vulnerability scanner featuring 2,400 new community-contributed templates, a cloud asset discovery engine, and the first purpose-built templates targeting AI/LLM application security misconfigurations.

via ProjectDiscovery

Malware · HIGH

APT41 Resurfaces With Novel Malware Framework Targeting Defense Contractors in 12 Countries

Mandiant has published a detailed report on a new APT41 campaign deploying a previously undocumented modular malware framework called DUSTPAN across defense industrial base targets. The campaign focuses on intellectual property theft related to advanced propulsion and hypersonic technology.

via Mandiant

Breaches · HIGH

Bybit Cryptocurrency Exchange Loses $47M in Sophisticated Hot Wallet Compromise

Dubai-based Bybit confirmed that attackers drained $47 million in ETH, BTC, and stablecoins from its hot wallet infrastructure. The attack, one of the most technically sophisticated exchange hacks of 2025, exploited a multi-signature wallet vulnerability via a supply chain compromise.

via Chainalysis

Vulnerabilities · CRITICAL

Critical Memory Corruption Bugs in ThreadX RTOS Affect Billions of Embedded Devices

Researchers at Forescout have discovered seven critical memory corruption vulnerabilities in ThreadX, the most widely deployed real-time operating system for embedded and IoT devices. The flaws affect an estimated 6.2 billion devices, including medical equipment, industrial controllers, and consumer electronics.

via Forescout

Policy

EU Cyber Resilience Act Enters Enforcement Phase: Manufacturers Face Fines Up to 15 Million Euros

The European Union's Cyber Resilience Act (CRA) has entered its first enforcement phase, requiring all connected device manufacturers selling in the EU to demonstrate baseline cybersecurity properties. Non-compliant products face market withdrawal orders and fines up to 15 million euros or 2.5% of global turnover.

via EU Agency for Cybersecurity (ENISA)

Malware · HIGH

Researchers Uncover 287 Malicious npm Packages Stealing Developer Credentials in Ongoing Supply Chain Attack

Socket Security has identified 287 malicious packages on the npm registry that impersonate popular libraries to steal developer credentials, environment variables, and AWS/cloud tokens. The packages have accumulated over 4 million combined downloads before detection.

via Socket Security

Tools · HIGH

Independent Security Audit of Top 8 Password Managers Reveals Alarming Memory Handling Flaws

A comprehensive independent audit commissioned by the Open Source Security Foundation found that 6 of 8 major password managers—including two market leaders—retain decrypted password vault contents in process memory for longer than necessary, exposing credentials to memory scraping attacks.

via OpenSSF

Malware · HIGH

Banshee 3.0 macOS Stealer Evades Gatekeeper Using Stolen Apple Developer Signatures

A new variant of the Banshee macOS information stealer is circulating in the wild, signed with legitimate (subsequently revoked) Apple developer certificates. The malware targets browser credentials, cryptocurrency wallets, and macOS Keychain contents, and was distributed via trojanized productivity apps on GitHub.

via Check Point Research

Policy

Global Cybersecurity Workforce Gap Reaches 4.8 Million: New ISC2 Study Highlights Diversity Crisis

ISC2's 2025 Cybersecurity Workforce Study finds the global shortage of cybersecurity professionals has grown to 4.8 million, up 15% from 2024. The report identifies AI skill gaps and a severe decline in entry-level hiring as primary drivers, with workforce diversity declining for the first time in five years.

via ISC2