Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Windows blocks File Explorer preview for Internet files to curb NTLM hash leakage
Microsoft has changed how the File Explorer preview pane behaves in Windows, closing a low‑interaction path to NTLM credential exposure. ...
AWS Outage Leaves Eight Sleep Smart Beds Stranded, Spotlighting IoT Cloud-Dependency Risks
A widespread incident in AWS’s US-EAST-1 region triggered cascading service disruptions and exposed systemic weaknesses in cloud-dependent consumer IoT. Among ...
Microsoft fixes critical Kestrel flaw (CVE-2025-55315) enabling HTTP request smuggling
Microsoft has shipped fixes for a critical vulnerability in the Kestrel web server used by ASP.NET Core, tracked as CVE-2025-55315 ...
US Court Bans NSO Group From Targeting WhatsApp, Orders Data Deletion, Cuts Damages to $4M
A US federal court in the Northern District of California has issued a permanent injunction against Israeli spyware developer NSO ...
Europol Dismantles SIMCARTEL: Inside the Global SIM-Farm Network Powering OTP Abuse and Fake Accounts
European law enforcement has dismantled a large-scale SIM-farm ecosystem in an operation codenamed SIMCARTEL, disrupting a global pipeline for phishing, ...
GlassWorm Malware Exploits VS Code Extensions in Significant Supply Chain Attack
Koi Security has documented a significant software supply chain attack in the Visual Studio Code ecosystem. A self-propagating malware dubbed ...
Malicious npm package “https-proxy-utils” delivers AdaptixC2 and underscores open-source supply chain exposure
Security researchers at Kaspersky identified a malicious npm package, https-proxy-utils, masquerading as a proxy utility and abusing npm lifecycle scripts ...
TARmageddon (CVE-2025-62518): Critical Rust tar parsing flaw enables RCE in tokio‑tar and forks
Security researchers at Edera have disclosed a critical logic flaw in the abandoned Rust library async‑tar and multiple forks, including ...
PassiveNeuron zeros in on Windows Server: new APT wave leverages SQL abuse, Cobalt Strike, and custom implants
A newly observed campaign by the PassiveNeuron threat actor underscores a strategic pivot toward server-side targets. According to Kaspersky’s Global ...
Oracle VirtualBox on macOS ARM: Two CVEs Enable VM Escape, Patched in October 2025 CPU
Two vulnerabilities in Oracle VirtualBox, tracked as CVE-2025-62592 and CVE-2025-61760, can be chained to escape from a guest virtual machine ...
