GitHub moves to proactive defenses against software supply chain attacks across GitHub and npm

GitHub has outlined a package of safeguards to blunt escalating software supply chain attacks hitting GitHub repositories and the npm registry. The company is shifting to a more proactive defense model while preserving compatibility with existing workflows and providing migration guides to reduce operational friction. Recent supply chain incidents across GitHub and npm According to …

NCA arrests suspect after Collins Aerospace cyberattack disrupts ARINC vMUSE across Europe

The UK’s National Crime Agency (NCA) has arrested a 40-year-old man in West Sussex as part of its investigation into a cyberattack on Collins Aerospace and parent company RTX Corporation. The incident triggered widespread disruptions at several European airports, affecting passenger check-in, baggage drop, and boarding pass printing. The suspect has been released on bail …

US Secret Service Seizes SIM Farms Near New York, Citing Risk to Cellular Networks

The US Secret Service has seized more than 300 SIM boxes and 100,000 SIM cards across the New York region (New York, New Jersey, and Connecticut). Authorities say the equipment was concentrated within a 35‑mile (56 km) radius of the United Nations General Assembly venue and posed an “immediate threat to national security”, including the …

Adversa Publishes Top 25 Model Context Protocol Vulnerabilities: Risk Ranking and Defenses

Adversa has released what it calls the most comprehensive analysis to date of security risks in the Model Context Protocol (MCP), unveiling a Top‑25 vulnerabilities list that blends risk scoring with a practical hardening guide. The report targets teams designing and deploying agentic AI systems and aims to offer immediate prioritization guidance while industry standards …

600 GB Leak Sheds Light on Great Firewall’s DPI Stack, Tiangou Architecture, and Overseas Rollouts

Researchers from Great Firewall Report have disclosed what appears to be the largest data leak to date involving China’s national internet filtering infrastructure, commonly known as the Great Firewall. Approximately 600 GB of internal materials—including source code, developer emails, build logs, package repositories, and operations manuals—were published, offering rare visibility into the technical and operational …

Google issues emergency Chrome patch for actively exploited V8 zero‑day CVE‑2025‑10585

Google has shipped an out-of-band security update for Chrome addressing four vulnerabilities, including an actively exploited zero‑day, CVE‑2025‑10585. The critical bug resides in the V8 JavaScript engine and is classified as a type confusion issue, which can enable arbitrary code execution during page rendering. What is CVE-2025-10585 and why it matters Type confusion vulnerabilities occur …

Apple Threat Notifications 2025: Zero-Click Spyware Targets High-Risk Users

Apple has issued another round of threat notifications warning users about attempts to compromise devices with mercenary-grade spyware. According to France’s national incident response team CERT-FR, at least four notification waves were observed in 2025—on 5 March, 29 April, 25 June, and 3 September. Alerts were sent to phone numbers and email addresses linked to …

Jaguar Land Rover hit by ransomware: ERP disruption stalls production and strains UK supply chains

Jaguar Land Rover (JLR), owned by Tata Motors, is recovering from a ransomware incident detected in early September 2025 that has caused substantial disruption to retail and manufacturing. The automaker estimates daily losses of £5–10 million, positioning the breach among the most consequential cyber events in the UK automotive sector and a potential drag on …

Phoenix Rowhammer Attack Defeats DDR5 TRR: Root in 109 Seconds (CVE-2025-6202)

Researchers from Google and the COMSEC group at ETH Zurich have disclosed Phoenix, a new Rowhammer technique that circumvents modern DDR5 defenses, including Target Row Refresh (TRR) implementations in SK Hynix modules. Tracked as CVE-2025-6202, Phoenix enabled root privilege escalation on a representative system in under 109 seconds, underscoring that Rowhammer remains a practical hardware …

Mamont Android Banking Trojan Surges in Russia as Triada Backdoor Reappears with Firmware Infections

According to data collected by Kaspersky for January–August 2025, the Mamont Android banking trojan now shows the broadest activity on Russian devices. The number of affected users has increased 36× year over year versus the same period in 2024 and is approaching one million. In parallel, the multifunctional Triada backdoor has spiked, with the population …