Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what they mean for you and how to protect yourself.
CVE-2025-11705 in Anti‑Malware Security WordPress Plugin Enables Authenticated Arbitrary File Read
A high‑impact vulnerability, CVE-2025-11705, has been identified in the popular WordPress plugin Anti‑Malware Security and Brute‑Force Firewall, enabling authenticated users ...
Mozilla to Require Data Collection Disclosures for Firefox Extensions
Mozilla is introducing mandatory data collection disclosures for Firefox extensions, aiming to strengthen transparency and user control. The new requirements ...
Microsoft patches critical WSUS RCE (CVE-2025-59287) amid active exploitation
Microsoft has released out-of-band security updates to address a critical flaw in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. ...
BlueNoroff’s GhostCall and GhostHire: macOS-focused campaigns hitting crypto and Web3 firms
Kaspersky researchers have identified two coordinated BlueNoroff operations—GhostCall and GhostHire—active since April 2025 and aimed primarily at cryptocurrency and Web3 ...
Memento Labs Confirms Dante Spyware Used in ‘Forum Troll’ Campaign Exploiting Chrome CVE‑2025‑2783
Memento Labs CEO Paolo Lezzi has confirmed that the spyware known as Dante—recently detected by Kaspersky during live operations—is a ...
Brash vulnerability in Blink enables document.title DoS against Chromium browsers
A newly disclosed vulnerability known as Brash abuses how the Blink rendering engine handles document.title updates, enabling a browser denial‑of‑service ...
Mustang Panda Abuses Unpatched Windows LNK Vulnerability (CVE-2025-9491) to Deploy PlugX in Europe
China-linked threat actor UNC6384 (Mustang Panda) has mounted a coordinated cyber-espionage campaign against European diplomatic and government organizations by exploiting ...
TEE.Fail: DDR5 Memory-Bus Attack Undermines Attestation in Intel SGX/TDX and AMD SEV‑SNP
Researchers from the Georgia Institute of Technology and Purdue University have disclosed TEE.Fail, a practical attack on trusted execution environments ...
Ribbon Communications reports suspected state-sponsored intrusion, highlighting telecom supply‑chain risk
Ribbon Communications has disclosed unauthorized access to its IT environment, attributing the activity to a likely state-aligned threat actor. The ...
X sets 10 November deadline to re-register passkeys and security keys due to x.com migration
X (formerly Twitter) has notified users that they must re-register their passkeys and hardware security keys used for two‑factor authentication ...