Cybersecurity News
Stay up-to-date with the latest cybersecurity news and developments in the cybersecurity landscape. Be the first to know about the latest threats, current innovations, and major trends in the cyber universe. Check our Cyber News section for the freshest information.
Three critical runC flaws expose Docker and Kubernetes to container escape
Three critical vulnerabilities in the OCI reference runtime runC—widely used by Docker, containerd, CRI‑O, and Kubernetes—could let attackers bypass container ...
CVE-2025-12480: Triofox localhost trust flaw under active exploitation enables unauthenticated SYSTEM RCE
Google Threat Intelligence warns that attackers are actively exploiting CVE-2025-12480, a critical vulnerability in Gladinet Triofox that allows unauthenticated remote ...
ASUS Patches Critical Authentication Bypass in DSL-AC51, DSL-N16, and DSL-AC750 (CVE-2025-59367)
ASUS has released an emergency firmware update to remediate CVE-2025-59367, a critical authentication bypass in several DSL router models. If ...
FBI Targets archive.today Operator With Broad Data Request to Tucows
The FBI has reportedly sought information on the operator of archive.today (also known as archive.is, archive.ph and others), one of ...
Pre‑disclosure exploitation of Citrix Bleed 2 and Cisco ISE RCE identified in broad campaign
Amazon Threat Intelligence has documented a large-scale campaign abusing two critical 0‑day vulnerabilities: CVE-2025-5777 (Citrix Bleed 2) affecting NetScaler ADC/Gateway ...
Malicious npm Package @acitons/artifact Was a GitHub Red Team Drill — What Happened and How to Protect CI/CD
Security researchers at Veracode reported a malicious npm package, @acitons/artifact, masquerading as the legitimate @actions/artifact and targeting GitHub Actions environments. ...
Logitech Confirms Data Breach as Clop Targets Oracle E‑Business Suite Zero‑Day
Logitech has notified the U.S. Securities and Exchange Commission (SEC) of an incident involving unauthorized access to company data, later ...
Operation Endgame: 1,025 C2 Servers Disrupted in Europol-Led Takedown of Rhadamanthys, VenomRAT, and Elysium
Law enforcement from nine countries—Australia, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, and the United States—executed a coordinated strike ...
Konni APT exploits Google’s Find My Device to track and factory‑reset Android phones via KakaoTalk phishing
Konni, a threat cluster linked to North Korea, has expanded its tactics by abusing Google Find Hub (commonly known as ...
Google Targets Lighthouse PhaaS Behind iMessage/RCS Smishing Impersonating USPS and E‑ZPass
Google has filed a federal lawsuit against Lighthouse, a phishing‑as‑a‑service (PhaaS) platform allegedly used by threat actors to run high‑volume ...
