Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Google patches critical Chrome ServiceWorker bug (CVE-2025-10200) and Mojo flaw (CVE-2025-10201)
Google has shipped a security update for Chrome that fixes a critical use-after-free vulnerability in the ServiceWorker component, tracked as ...
NX supply chain attack: s1ngularity breach exposes 7,200 repositories, 2,180 accounts, and active tokens
Researchers at Wiz have detailed a significant supply chain compromise involving NX, a widely used open-source build and monorepo platform ...
Google adds C2PA Content Credentials to Pixel 10 and Google Photos to authenticate images and AI edits
Google is integrating Content Credentials based on the C2PA standard into the Pixel 10 camera app and Google Photos. The ...
Ex-WhatsApp Whistleblower Sues Meta Over Alleged Engineer Access: What It Means for Insider Risk and Compliance
A former WhatsApp employee has filed a whistleblower lawsuit against Meta, alleging that his February 2025 termination followed repeated efforts ...
Fina CA’s Unauthorized Certificates for Cloudflare’s 1.1.1.1 Expose PKI Blind Spots on Windows
Cloudflare has confirmed that the certification authority Fina issued 12 unauthorized TLS certificates for the IP address 1.1.1.1—Cloudflare’s public DNS ...
Google Refutes Gmail Breach Claims and Mass Password Reset Rumors
Google has clarified that it did not issue a broad-based alert or force a mass password reset for Gmail users. ...
Android September 2025 Security Update Fixes 120 Flaws; Two Zero‑Days Already Exploited
Google has released the September 2025 Android Security Bulletin, addressing 120 vulnerabilities across the OS and ecosystem components. The company ...
Microsoft Tightens UAC for MSI Repair to Mitigate CVE-2025-50173, Impacting Silent Installs and Per‑User Setups
Microsoft’s August 2025 cumulative security update for Windows (KB5063878) and subsequent releases introduced stricter User Account Control (UAC) enforcement for ...
PromptLock: AI-Powered Ransomware Prototype Validates LLM-Orchestrated Attack Model
ESET has verified that samples of PromptLock uploaded to VirusTotal in late August 2025 were not part of an in-the-wild ...
Salesloft Shuts Down Drift After OAuth Token Theft Exposes SaaS-to-SaaS Risk
Salesloft has temporarily disabled the Drift platform effective September 5 following a large-scale supply chain intrusion in which attackers stole ...
