Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Shai-Hulud npm Worm: Self-Spreading Attack Abuses GitHub Actions to Trojanize Dependencies and Steal Secrets
Security researchers have reported a large-scale compromise of more than 180 npm packages by a self-replicating malware strain that automatically ...
Samsung patches Android zero-day CVE-2025-21043 in Quramsoft image codec
Samsung has released a security update for CVE-2025-21043, a zero-day vulnerability rated CVSS 8.8 and confirmed as exploited in targeted ...
WhiteCobra abuses VS Code and Open VSX with malicious VSIX extensions targeting developers
Threat analysts at Koi Security have identified a coordinated WhiteCobra campaign abusing the VS Code Marketplace and Open VSX Registry. ...
Commercial Spyware Funding Surges, Exposing Policy–Finance Gap and Supply-Chain Risks
The commercial spyware market is expanding rapidly, with fresh capital accelerating despite mounting policy constraints. A new Atlantic Council report ...
EU Fines Google €2.95 Billion for Adtech Self-Preferencing: What It Means for RTB, Competition, and Cybersecurity
The European Commission has imposed a €2.95 billion fine on Google for abusing its dominant position in digital advertising technology ...
Apple Makes Memory Integrity Enforcement Default in iOS 26 to Thwart Advanced Exploit Chains
Apple has unveiled the iPhone 17 and iPhone Air alongside a new platform defense called Memory Integrity Enforcement (MIE), a ...
HybridPetya ransomware uses UEFI bootkit to bypass Secure Boot via CVE-2024-7344
ESET has analyzed a new ransomware strain dubbed HybridPetya that fuses Petya/NotPetya-style tactics with UEFI bootkit capabilities. The sample, discovered ...
Microsoft Patch Tuesday: 81 fixes, two zero‑days, and critical Azure, HPC Pack, and NTLM vulnerabilities
Microsoft’s September Patch Tuesday delivers security fixes for 81 vulnerabilities across its product stack. The release includes nine critical issues, ...
AI Darwin Awards Open Nominations: Lessons for LLM Security After the Replit Incident
AI Darwin Awards, a new initiative that documents high-impact failures in artificial intelligence deployments, has opened nominations with a clear ...
CVE-2025-54236 “SessionReaper” in Adobe Commerce/Magento: Critical REST API Flaw Enables Account Takeover
A critical vulnerability tracked as CVE-2025-54236 and informally dubbed SessionReaper impacts Adobe Commerce and Magento, earning a CVSS 9.1 severity. ...
