Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
US Court Bans NSO Group From Targeting WhatsApp, Orders Data Deletion, Cuts Damages to $4M
A US federal court in the Northern District of California has issued a permanent injunction against Israeli spyware developer NSO ...
Europol Dismantles SIMCARTEL: Inside the Global SIM-Farm Network Powering OTP Abuse and Fake Accounts
European law enforcement has dismantled a large-scale SIM-farm ecosystem in an operation codenamed SIMCARTEL, disrupting a global pipeline for phishing, ...
GlassWorm Malware Exploits VS Code Extensions in Significant Supply Chain Attack
Koi Security has documented a significant software supply chain attack in the Visual Studio Code ecosystem. A self-propagating malware dubbed ...
Malicious npm package “https-proxy-utils” delivers AdaptixC2 and underscores open-source supply chain exposure
Security researchers at Kaspersky identified a malicious npm package, https-proxy-utils, masquerading as a proxy utility and abusing npm lifecycle scripts ...
TARmageddon (CVE-2025-62518): Critical Rust tar parsing flaw enables RCE in tokio‑tar and forks
Security researchers at Edera have disclosed a critical logic flaw in the abandoned Rust library async‑tar and multiple forks, including ...
PassiveNeuron zeros in on Windows Server: new APT wave leverages SQL abuse, Cobalt Strike, and custom implants
A newly observed campaign by the PassiveNeuron threat actor underscores a strategic pivot toward server-side targets. According to Kaspersky’s Global ...
Oracle VirtualBox on macOS ARM: Two CVEs Enable VM Escape, Patched in October 2025 CPU
Two vulnerabilities in Oracle VirtualBox, tracked as CVE-2025-62592 and CVE-2025-61760, can be chained to escape from a guest virtual machine ...
ColdRiver pivots to ClickFix: NoRobot and MaybeRobot replace LostKeys in stealthier social engineering campaigns
Google’s Threat Intelligence Group (GTIG) reports a rapid shift in the tradecraft of the Russian‑language threat actor ColdRiver—also tracked as ...
Google Adds “Recovery Contacts” to Gmail: A Human-Assisted, Phishing-Resistant Path to Account Recovery
Google is expanding Gmail account recovery with a new option called Recovery Contacts, a human-assisted mechanism that lets users designate ...
DNS0.eu Shuts Down: Impact on EU DNS Security and Migration Paths to DNS4EU and NextDNS
DNS0.eu has ceased operations, replacing its website with a brief notice: “The service is no longer running… maintaining it became ...
