Cybersecurity News
Stay up-to-date with the latest cybersecurity news and developments in the cybersecurity landscape. Be the first to know about the latest threats, current innovations, and major trends in the cyber universe. Check our Cyber News section for the freshest information.
Microsoft November Patch Tuesday: 63 Windows Flaws Fixed, Active Zero‑Day in Kernel and Critical RCEs
Microsoft’s latest Patch Tuesday resolves 63 vulnerabilities across Windows and related components. The release includes an actively exploited zero‑day in ...
Most Common Passwords in 2025 Leaks: What Comparitech Found and How to Secure Your Accounts
Comparitech analyzed more than two billion passwords leaked in 2025 and circulating across hacker forums, Telegram channels, and other marketplaces. ...
Midnight Ransomware Hit by RSA Flaw: Norton Releases Free Decryptor for Windows
Cybersecurity researchers have identified a critical cryptographic weakness in the new Midnight ransomware, a strain derived from the leaked Babuk ...
IndonesianFoods worm overwhelms npm with 100k+ spam packages
A new self-replicating campaign is saturating the npm ecosystem with spam packages. The worm, tracked as IndonesianFoods, is publishing new ...
UK Sentences Zhimin Qian for Crypto Laundering; Police Seize 61,000 BTC Linked to China’s Largest Ponzi Scheme
A London court has sentenced 47‑year‑old Zhimin Qian, also known as Yadi Zhang, to 11 years and 8 months in ...
Uhale digital photo frames silently load malware via v4.2.0 update, with ties to the Vo1d botnet
Security researchers at Quokka report that multiple digital photo frames built on the Uhale platform (part of the ZEASN ecosystem, ...
Russian IAB Pleads Guilty to Supplying Access for Yanluowang Ransomware
Russian national Alexey Olegovich Volkov—known online as chubaka.kor and nets—has pleaded guilty to selling initial access used by the Yanluowang ...
Three critical runC flaws expose Docker and Kubernetes to container escape
Three critical vulnerabilities in the OCI reference runtime runC—widely used by Docker, containerd, CRI‑O, and Kubernetes—could let attackers bypass container ...
CVE-2025-12480: Triofox localhost trust flaw under active exploitation enables unauthenticated SYSTEM RCE
Google Threat Intelligence warns that attackers are actively exploiting CVE-2025-12480, a critical vulnerability in Gladinet Triofox that allows unauthenticated remote ...
ASUS Patches Critical Authentication Bypass in DSL-AC51, DSL-N16, and DSL-AC750 (CVE-2025-59367)
ASUS has released an emergency firmware update to remediate CVE-2025-59367, a critical authentication bypass in several DSL router models. If ...
