Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Discord probes third-party support breach as payment and identity data exposed
On 20 September 2025, Discord disclosed a security incident stemming from a compromise of a third‑party customer support provider. The ...
MatrixPDF Builder Turns Benign PDFs into Click‑Through Phishing Lures That Bypass Gmail Filters
Varonis researchers have identified MatrixPDF, a commercial builder that converts legitimate PDF files into interactive phishing decoys. The tool leverages ...
Unity CVE-2025-59489: Critical Runtime Flaw Enables Code Execution on Android and Potential Privilege Escalation on Windows
A high-severity vulnerability in the Unity Runtime, tracked as CVE-2025-59489 with a CVSS score of 8.4, exposes Unity-built apps to ...
Red Hat probes consulting GitLab breach as Crimson Collective claims 570 GB data theft and 800 CERs exposed
Ransomware group Crimson Collective claims it stole 570 GB of data from about 28,000 internal GitLab repositories associated with Red ...
Classic Outlook for Windows Crashes at Launch: Microsoft Probes Exchange Online Authentication Concurrency Limit
Microsoft is investigating an incident that causes the classic Outlook for Windows client to crash at startup for some Microsoft ...
Google’s Developer Verification Rule Will Gate Sideloaded Apps on Certified Android Devices
Google will require that, starting in 2026, certified Android devices (phones and tablets with Google Mobile Services and Play Protect) ...
CometJacking: Prompt Injection in Perplexity Comet Lets Attackers Pull Data from Connected Accounts
Security researchers at LayerX have documented a technique they call CometJacking, where attackers embed malicious instructions in URL parameters to ...
Medusa Ransomware Tries to Recruit BBC Insider, Leverages MFA Bombing
Operators linked to the Medusa ransomware operation allegedly attempted to recruit a BBC employee for insider access, offering a substantial ...
Akira Ransomware Is Breaching SonicWall SSL VPN Even With MFA: What We Know and How to Respond
Arctic Wolf is tracking an evolution in the Akira ransomware campaign against SonicWall SSL VPN in which attackers successfully authenticate ...
Afghanistan’s Nationwide Internet Blackout on 29 September 2025: What Happened and What Comes Next
Afghanistan experienced a nationwide internet blackout on 29 September 2025, confirmed by monitoring platforms NetBlocks and Cloudflare Radar. The disruption ...
