Cybersecurity News
Stay up-to-date with the latest cybersecurity news and developments in the cybersecurity landscape. Be the first to know about the latest threats, current innovations, and major trends in the cyber universe. Check our Cyber News section for the freshest information.
TP-Link confirms TR‑069/CWMP zero‑day in consumer routers: what to know and how to mitigate
TP-Link has confirmed a previously unknown (0‑day) vulnerability in its implementation of the TR‑069/CWMP remote management protocol used by consumer ...
Largest npm Supply Chain Attack Reaches 10% of Cloud Environments—but Nets Only Dollars
A record-scale npm supply chain incident briefly inserted malicious code into widely used JavaScript libraries, touching an estimated 10% of ...
Hacker Accidentally Installs Huntress EDR, Triggering Months of Telemetry and a Privacy Debate
An unusual incident involving Huntress’s endpoint detection and response (EDR) agent has reignited debate over the scope of EDR telemetry, ...
Record-Scale UDP Flood Hits European DDoS Provider: 1.5 Billion PPS Underscores Packet-Rate Risks
An unnamed European DDoS filtering provider recently withstood one of the most intense packet-rate attacks recorded: a peak of 1.5 ...
iCloud Calendar invites abused to deliver callback phishing that evades email filters
Threat actors are exploiting iCloud Calendar invitations to deliver convincing “purchase receipts” that originate from Apple infrastructure and pass SPF, ...
Google patches critical Chrome ServiceWorker bug (CVE-2025-10200) and Mojo flaw (CVE-2025-10201)
Google has shipped a security update for Chrome that fixes a critical use-after-free vulnerability in the ServiceWorker component, tracked as ...
NX supply chain attack: s1ngularity breach exposes 7,200 repositories, 2,180 accounts, and active tokens
Researchers at Wiz have detailed a significant supply chain compromise involving NX, a widely used open-source build and monorepo platform ...
Google adds C2PA Content Credentials to Pixel 10 and Google Photos to authenticate images and AI edits
Google is integrating Content Credentials based on the C2PA standard into the Pixel 10 camera app and Google Photos. The ...
Ex-WhatsApp Whistleblower Sues Meta Over Alleged Engineer Access: What It Means for Insider Risk and Compliance
A former WhatsApp employee has filed a whistleblower lawsuit against Meta, alleging that his February 2025 termination followed repeated efforts ...
Fina CA’s Unauthorized Certificates for Cloudflare’s 1.1.1.1 Expose PKI Blind Spots on Windows
Cloudflare has confirmed that the certification authority Fina issued 12 unauthorized TLS certificates for the IP address 1.1.1.1—Cloudflare’s public DNS ...
