Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Redis Patches CVE-2025-49844: Critical Lua-Based RCE (“RediShell”) With CVSS 10.0
Redis has released security updates to address CVE-2025-49844, a CVSS 10.0 vulnerability that has lingered in the codebase for roughly ...
Oracle E‑Business Suite zero‑day CVE‑2025‑61882 under active exploitation: what to patch and how to defend
A critical zero-day vulnerability tracked as CVE-2025-61882 in Oracle E‑Business Suite (EBS) has moved into active exploitation. Industry researchers report ...
Attackers Weaponize Outdated Velociraptor Build (CVE-2025-6264) to Encrypt Windows and VMware ESXi
Threat actors are repurposing a legitimate incident response tool to accelerate ransomware operations. According to Cisco Talos, adversaries are deploying ...
Gemini Trifecta: Prompt-Injection Vulnerabilities in Google’s Gemini and What They Mean for LLM Security
Tenable has published technical details of three now-fixed vulnerabilities in Google’s Gemini AI platform, collectively labeled Gemini Trifecta. The flaws—affecting ...
Microsoft Edge will automatically detect and revoke malicious sideloaded extensions
Microsoft announced a new security capability for Edge that will detect and revoke malicious extensions installed outside the official Edge ...
OpenSSL Patches Three Vulnerabilities, Including ARM64 SM2 Timing Risk
The OpenSSL Project has released security updates across multiple branches, addressing three vulnerabilities with varying impact. Patches are available in ...
Asahi cyberattack disrupts orders, logistics, and production in Japan
Asahi Group Holdings, a leading global brewer and the top player in Japan, reported a cyberattack that disrupted core operations ...
Afghanistan Internet Blackout Eases as Networks Come Back Online: Data Signals Managed Controls and Highlights Cyber Risks
Internet connectivity in Afghanistan is gradually returning after a two-day nationwide blackout. Independent observers at NetBlocks and Cloudflare Radar recorded ...
Smishing at Scale: Attackers Abuse Milesight Cellular Routers as Decentralized SMS Gateways
Threat researchers at Sekoia have documented ongoing campaigns, active since 2023, in which adversaries compromise Milesight cellular IoT routers and ...
CVE-2025-10547: Critical RCE in DrayTek Vigor Routers — What Admins Must Do Now
DrayTek has disclosed a critical vulnerability, tracked as CVE-2025-10547, that enables unauthenticated remote code execution (RCE) on multiple Vigor router ...
