Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Asus Patches Critical AiCloud Vulnerability CVE-2025-59366 in Home Routers
Asus has released new firmware updates for its consumer routers that address nine security vulnerabilities, including a critical AiCloud authentication ...
Shai-Hulud Malware Spreads from npm to Maven Central in New Supply Chain Attack
The Shai-Hulud malware, initially associated with the npm ecosystem, has now been detected in another core open source repository: Maven ...
Fluent Bit Vulnerabilities Put Kubernetes and Cloud Logging at Risk
Five newly disclosed vulnerabilities in Fluent Bit — one of the most widely deployed logging and metrics agents — can ...
Tsundere Web3 Botnet Abuses Ethereum Smart Contracts to Control Windows Infections
A newly identified Windows botnet dubbed Tsundere is demonstrating how quickly cybercriminals are adopting Web3 technologies. The malware masquerades as ...
HashJack Attack: How URL Fragments Turn AI Browser Assistants into a New Attack Surface
The rapid integration of AI assistants into web browsers — from Copilot in Microsoft Edge and Gemini in Google Chrome ...
Samourai Wallet Founders Sentenced: Impact on Bitcoin Mixers, Crypto Privacy and AML Compliance
The founders of Samourai Wallet and its integrated bitcoin mixing service Whirlpool have received prison sentences in the United States, ...
Tomiris APT Targets Russian and CIS Diplomatic Missions With New Cyber‑Espionage Wave in 2025
Since the beginning of 2025, researchers from Kaspersky have observed a new wave of targeted cyber‑espionage operations by the Tomiris ...
Critical MCP Vulnerability in Perplexity’s Comet AI Browser Sparks Security Debate
Security researchers at SquareX have disclosed a critical vulnerability in the Comet AI browser by Perplexity, linked to a poorly ...
GrapheneOS Pulls Infrastructure Out of France Over Encryption Regulation Concerns
The team behind GrapheneOS, one of the most prominent privacy‑ and security‑focused Android forks, is fully withdrawing its infrastructure from ...
PlushDaemon: How Router Hijacking Turns Software Updates into a Cyber‑Espionage Weapon
A newly documented cyber‑espionage campaign known as PlushDaemon demonstrates how attackers can abuse trusted software update mechanisms by first compromising ...
