Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
CVE-2025-53967: Command Injection in Figma MCP Allowed RCE via Fallback Curl
A critical security flaw in the popular Model Context Protocol (MCP) server for Figma, figma-developer-mcp, has been patched after researchers ...
Anthropic and UK AI Safety Institute: 250 Documents Can Trigger DoS Backdoors in LLMs
Anthropic, the UK AI Safety Institute, The Alan Turing Institute, and academic collaborators report that around 250 carefully crafted documents ...
Renault and Dacia UK disclose third‑party data breach: what customers and businesses should know
Renault and its subsidiary Dacia have notified UK customers about a data breach stemming from a cyberattack on a third‑party ...
Red Hat GitLab Breach Spurs Extortion Threats and Raises CER Report Risks
The cyber extortion landscape continues to consolidate as criminal crews specialize and collaborate. Scattered Lapsus$ Hunters has claimed responsibility for ...
RondoDox Botnet Targets Internet-Exposed IoT with Pwn2Own Techniques and n-day Exploits
Researchers at Trend Micro have identified RondoDox, a rapidly growing IoT botnet that systematically compromises internet-exposed devices using a broad ...
Redis Patches CVE-2025-49844: Critical Lua-Based RCE (“RediShell”) With CVSS 10.0
Redis has released security updates to address CVE-2025-49844, a CVSS 10.0 vulnerability that has lingered in the codebase for roughly ...
Oracle E‑Business Suite zero‑day CVE‑2025‑61882 under active exploitation: what to patch and how to defend
A critical zero-day vulnerability tracked as CVE-2025-61882 in Oracle E‑Business Suite (EBS) has moved into active exploitation. Industry researchers report ...
Attackers Weaponize Outdated Velociraptor Build (CVE-2025-6264) to Encrypt Windows and VMware ESXi
Threat actors are repurposing a legitimate incident response tool to accelerate ransomware operations. According to Cisco Talos, adversaries are deploying ...
Gemini Trifecta: Prompt-Injection Vulnerabilities in Google’s Gemini and What They Mean for LLM Security
Tenable has published technical details of three now-fixed vulnerabilities in Google’s Gemini AI platform, collectively labeled Gemini Trifecta. The flaws—affecting ...
Microsoft Edge will automatically detect and revoke malicious sideloaded extensions
Microsoft announced a new security capability for Edge that will detect and revoke malicious extensions installed outside the official Edge ...
