Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Plex confirms database access incident: what was exposed and how to secure your account
Streaming platform Plex has notified users about unauthorized access to one of its databases. According to the company, the intruder ...
Malicious Releases of chalk and strip-ansi Expose npm’s Transitive Dependency Risk in Web3‑Focused Supply Chain Attack
A coordinated phishing campaign against a high-profile npm maintainer enabled attackers to publish malicious versions of widely used JavaScript packages, ...
Google’s AI Mode in Search: What Changes, Who’s Affected, and the Security Risks to Plan For
Google is preparing a notable shift in its Search interface: users will soon be able to set an AI mode ...
TP-Link confirms TR‑069/CWMP zero‑day in consumer routers: what to know and how to mitigate
TP-Link has confirmed a previously unknown (0‑day) vulnerability in its implementation of the TR‑069/CWMP remote management protocol used by consumer ...
Largest npm Supply Chain Attack Reaches 10% of Cloud Environments—but Nets Only Dollars
A record-scale npm supply chain incident briefly inserted malicious code into widely used JavaScript libraries, touching an estimated 10% of ...
Hacker Accidentally Installs Huntress EDR, Triggering Months of Telemetry and a Privacy Debate
An unusual incident involving Huntress’s endpoint detection and response (EDR) agent has reignited debate over the scope of EDR telemetry, ...
Record-Scale UDP Flood Hits European DDoS Provider: 1.5 Billion PPS Underscores Packet-Rate Risks
An unnamed European DDoS filtering provider recently withstood one of the most intense packet-rate attacks recorded: a peak of 1.5 ...
iCloud Calendar invites abused to deliver callback phishing that evades email filters
Threat actors are exploiting iCloud Calendar invitations to deliver convincing “purchase receipts” that originate from Apple infrastructure and pass SPF, ...
Google patches critical Chrome ServiceWorker bug (CVE-2025-10200) and Mojo flaw (CVE-2025-10201)
Google has shipped a security update for Chrome that fixes a critical use-after-free vulnerability in the ServiceWorker component, tracked as ...
NX supply chain attack: s1ngularity breach exposes 7,200 repositories, 2,180 accounts, and active tokens
Researchers at Wiz have detailed a significant supply chain compromise involving NX, a widely used open-source build and monorepo platform ...
