Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
Australian Clinical Labs Fined A$5.8 Million for Medlab Pathology Data Breach
Australian Clinical Labs (ACL) has been ordered to pay a A$5.8 million civil penalty for a data breach at its subsidiary, Medlab Pathology, marking a first under Australia’s Privacy Act.
-
CISA Confirms Linux Kernel Flaw Exploited in Ransomware Attacks
CISA confirms active exploitation of CVE-2024-1086, a Linux kernel privilege escalation flaw, in ransomware attacks, urging federal agencies to patch immediately.
-
Google Explores Deeper Personal Data Integration for AI Search Mode
Google is reportedly developing capabilities for its AI Mode in Search to access personal user data from services such as Gmail and Google Drive, offering an opt-in for enhanced personalization.
-
Chinese State-Linked Group Exploits Windows Zero-Day Against European Diplomats
A China-linked threat actor, identified as UNC6384 (also known as Mustang Panda), is actively exploiting a Windows zero-day vulnerability, CVE-2025-9491, in targeted attacks against European diplomatic entities. The campaign aims to conduct cyber espionage, monitoring communications and exfiltrating sensitive data from compromised systems. This activity highlights the ongoing risk posed by unpatched vulnerabilities in critical…
-
Ukrainian National Extradited to U.S. on Conti Ransomware Charges
Ukrainian national Oleksii Oleksiyovych Lytvynenko has been extradited to the U.S. to face charges related to his alleged involvement with the Conti ransomware operation. This action highlights ongoing international efforts against cybercriminals, with Lytvynenko facing potential penalties for wire fraud and computer fraud conspiracy. The Conti group, active from 2020 to 2022, is linked to…
-
CISA Directs Federal Agencies to Patch Actively Exploited VMware Vulnerability by Chinese Threat Actor UNC5174
CISA directs federal agencies to patch a high-severity VMware vulnerability, CVE-2025-41244, actively exploited by the Chinese state-sponsored threat actor UNC5174 since October 2024. All organizations are urged to prioritize patching due to its frequent use as an attack vector.
-
Critical Authentication Bypass Vulnerability Patched in Claroty SRA Products
A critical authentication bypass vulnerability (CVE-2025-54603) in Claroty Secure Remote Access (SRA) products has been patched, preventing unauthorized access and control in OT environments.
-
Android’s AI-Powered Defenses Block Billions of Monthly Mobile Scams
Google’s AI-powered defenses are successfully blocking billions of malicious calls and messages monthly, combating prevalent scams like employment fraud and financial deception, and adapting to new tactics like group chat scams.
-
Ribbon Communications Discloses Year-Long Nation-State Infiltration
American telecommunications firm Ribbon Communications has disclosed a year-long infiltration by nation-state hackers, highlighting persistent threats to critical infrastructure providers.
-
Nation-State Actor Implicated in Year-Long Ribbon Communications Breach
An American telecommunications company, Ribbon Communications, experienced a year-long security breach attributed to a nation-state actor, highlighting significant supply chain risks within the telecom sector.