Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.

Canada Fines Cryptomus Over $176 Million for AML Violations Tied to Cybercrime
Canadian financial regulators have imposed an administrative monetary penalty of over $176 million on Xeltox Enterprises Ltd., operating as Cryptomus. The penalty from FINTRAC addresses the cryptocurrency payments platform’s significant non-compliance with anti-money laundering and anti-terrorist financing regulations, citing failures to report suspicious transactions linked to child exploitation, fraud, ransomware, and sanctions evasion. Investigations revealed…

Balancer DeFi Protocol Suffers $128 Million Exploit
A recent exploit on the Balancer DeFi protocol’s v2 pools led to a staggering loss of over $128 million, underscoring persistent security challenges in the cryptocurrency landscape.

Microsoft Discovers SesameOp: A New Backdoor Using OpenAI’s Assistants API for Covert C2
Microsoft discovered SesameOp, a new backdoor that uses OpenAI’s Assistants API for covert command and control (C2) operations. This technique allows attackers to fetch commands and exfiltrate data through a trusted cloud service, making detection harder. Discovered in July 2025, SesameOp aims for long-term persistence, often a hallmark of espionage campaigns.

Cybersecurity Overhaul: Thales and Imperva Unite for Integrated Security
Thales and Imperva are combining forces to offer businesses a truly unified defense, from data protection to application security, integrating AI and machine learning for advanced threat detection and a stronger security posture.

Critical WSUS RCE Vulnerability CVE-2025-59287 Actively Exploited, CISA Urges Immediate Patching
A critical, unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-59287, in Microsoft’s Windows Server Update Services (WSUS) is being actively exploited right now, allowing attackers to run malicious code with SYSTEM privileges.

SleepyDuck Malware Redefines C2 Resilience with Ethereum Blockchain
A dangerous new remote access trojan (RAT), dubbed SleepyDuck, is leveraging an Ethereum blockchain contract to maintain an incredibly resilient command and control (C2) infrastructure. This isn’t just another piece of malware; it’s a sophisticated threat that can update its C2 server address on the fly, making it notoriously difficult to shut down. This innovative,…

New Vulnerabilities Found in Windows Graphics Core, Raising Security Concerns
Security researchers have uncovered critical vulnerabilities in Microsoft’s Windows Graphics Device Interface (GDI), potentially allowing remote code execution and information disclosure. Patches have been released, but continuous vigilance is crucial for Windows users.

OpenAI’s Aardvark Aims to Redefine Software Security with Autonomous AI
OpenAI introduces Aardvark, an autonomous AI agent powered by GPT-5, designed to automatically detect, validate, and fix software vulnerabilities, aiming to redefine software security.

New TEE.fail Side-Channel Attack Compromises Intel and AMD Trusted Execution Environments
A new low-cost physical side-channel attack, TEE.fail, bypasses Intel and AMD Trusted Execution Environments, allowing cryptographic key extraction and subversion of secure attestation, according to researchers. This attack highlights critical vulnerabilities in confidential computing architectures.

Swedish Authority Investigates Major Data Leak Impacting 1.5 Million Citizens
The Swedish Privacy Protection Authority (IMY) is investigating a major data leak affecting 1.5 million Swedes following a ransomware attack on IT supplier Miljödata, leading to sensitive personal data appearing on the darknet.