Oracle VirtualBox on macOS ARM: Two CVEs Enable VM Escape, Patched in October 2025 CPU

Two vulnerabilities in Oracle VirtualBox, tracked as CVE-2025-62592 and CVE-2025-61760, can be chained to escape from a guest virtual machine to the host on macOS ARM. Reported by BI.ZONE, this is the first publicly known VM-escape chain targeting VirtualBox on macOS ARM since VirtualBox 7.1.0 (2024) introduced Apple Silicon support. Technical breakdown: information leak to …

ColdRiver pivots to ClickFix: NoRobot and MaybeRobot replace LostKeys in stealthier social engineering campaigns

Google’s Threat Intelligence Group (GTIG) reports a rapid shift in the tradecraft of the Russian‑language threat actor ColdRiver—also tracked as UNC4057, Callisto, and Star Blizzard. Following public analysis of its LostKeys toolset in May 2025, the group abandoned that implant and adopted a new chain built around NoRobot, YesRobot, and MaybeRobot, delivered primarily through ClickFix …

Google Adds “Recovery Contacts” to Gmail: A Human-Assisted, Phishing-Resistant Path to Account Recovery

Google is expanding Gmail account recovery with a new option called Recovery Contacts, a human-assisted mechanism that lets users designate trusted people to verify their identity when standard recovery factors—such as SMS codes, backup email, or hardware keys—are unavailable. The approach aims to close a long‑standing gap in account recovery without weakening phishing resistance. What …

DNS0.eu Shuts Down: Impact on EU DNS Security and Migration Paths to DNS4EU and NextDNS

DNS0.eu has ceased operations, replacing its website with a brief notice: “The service is no longer running… maintaining it became impossible in terms of time and resources.” Users are advised to migrate to DNS4EU or NextDNS—privacy-focused, security-aware recursive resolvers. The decision arrives amid escalating DNS-layer attacks and widespread adoption of encrypted DNS protocols, making the …

TP-Link Omada gateways hit by critical unauthenticated RCE; firmware updates available

TP-Link has disclosed four security issues affecting Omada series gateways, with two vulnerabilities enabling arbitrary command execution with root privileges. The most serious, CVE-2025-6542, carries a CVSS score of 9.3 and is exploitable remotely without authentication. A second flaw, CVE-2025-6541 (CVSS 8.6), requires an authenticated session to the web management interface. TP-Link has released firmware …

China Alleges NSA Targeted National Time Service Center: What It Means for Critical Infrastructure

China’s Ministry of State Security (MSS) alleges the U.S. National Security Agency conducted targeted cyber operations against the National Time Service Center (NTSC). According to the MSS, attackers exploited vulnerabilities in messaging services on smartphones from a “foreign brand” in 2022 to harvest employee data, then repeatedly accessed NTSC’s internal networks during 2023–2024 using stolen …

PolarEdge Botnet Exploits Cisco CVE-2023-20118 to Build ORB-Style Proxy Network Targeting Cisco, ASUS, QNAP and Synology Devices

Security researchers have published a technical analysis of the PolarEdge botnet, a campaign actively observed since February 2025 and aimed at networking and NAS gear from Cisco, ASUS, QNAP, and Synology. Infrastructure signals reviewed by Censys in August 2025 suggest the activity may date back to June 2023 and exhibits traits of an Operational Relay …

131 Chrome Extensions Weaponize WhatsApp Web for Bulk Messaging, Socket Warns

Security analytics firm Socket has identified 131 Chrome extensions designed to automate actions in WhatsApp Web and orchestrate bulk messaging. The cluster is primarily aimed at Brazil and collectively accounts for approximately 20,905 active users, pointing to a sustained, commercially motivated operation that has been active for at least nine months and received updates as …

Microsoft tightens IE Mode in Edge after attacks leveraging Chakra zero-day

Microsoft has revised how Internet Explorer (IE) Mode is invoked in Edge following a wave of attacks observed in August 2025. According to the Microsoft Browser Vulnerability Research team, threat actors abused the legacy compatibility pathway, pairing basic social engineering with a zero‑day in the Chakra JavaScript engine to gain unauthorized access to user devices. …