Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
Chinese State-Linked Group Exploits Windows Zero-Day Against European Diplomats
A China-linked threat actor, identified as UNC6384 (also known as Mustang Panda), is actively exploiting a Windows zero-day vulnerability, CVE-2025-9491, in targeted attacks against European diplomatic entities. The campaign aims to conduct cyber espionage, monitoring communications and exfiltrating sensitive data from compromised systems. This activity highlights the ongoing risk posed by unpatched vulnerabilities in critical…
-
Ukrainian National Extradited to U.S. on Conti Ransomware Charges
Ukrainian national Oleksii Oleksiyovych Lytvynenko has been extradited to the U.S. to face charges related to his alleged involvement with the Conti ransomware operation. This action highlights ongoing international efforts against cybercriminals, with Lytvynenko facing potential penalties for wire fraud and computer fraud conspiracy. The Conti group, active from 2020 to 2022, is linked to…
-
CISA Directs Federal Agencies to Patch Actively Exploited VMware Vulnerability by Chinese Threat Actor UNC5174
CISA directs federal agencies to patch a high-severity VMware vulnerability, CVE-2025-41244, actively exploited by the Chinese state-sponsored threat actor UNC5174 since October 2024. All organizations are urged to prioritize patching due to its frequent use as an attack vector.
-
Critical Authentication Bypass Vulnerability Patched in Claroty SRA Products
A critical authentication bypass vulnerability (CVE-2025-54603) in Claroty Secure Remote Access (SRA) products has been patched, preventing unauthorized access and control in OT environments.
-
Android’s AI-Powered Defenses Block Billions of Monthly Mobile Scams
Google’s AI-powered defenses are successfully blocking billions of malicious calls and messages monthly, combating prevalent scams like employment fraud and financial deception, and adapting to new tactics like group chat scams.
-
Ribbon Communications Discloses Year-Long Nation-State Infiltration
American telecommunications firm Ribbon Communications has disclosed a year-long infiltration by nation-state hackers, highlighting persistent threats to critical infrastructure providers.
-
Nation-State Actor Implicated in Year-Long Ribbon Communications Breach
An American telecommunications company, Ribbon Communications, experienced a year-long security breach attributed to a nation-state actor, highlighting significant supply chain risks within the telecom sector.
-
Microsoft Services Experience Global Outage Due to Faulty Cloud Configuration
Microsoft experienced a widespread global infrastructure disruption on October 29, 2025, impacting Azure, Microsoft 365, Xbox, and Minecraft due to a faulty cloud network configuration.
-
NFC Relay Malware Exploits Android Tap-to-Pay for Fraudulent Transactions
Zimperium zLabs has discovered hundreds of malicious Android apps using NFC relay and Host Card Emulation to steal payment data from tap-to-pay transactions, turning infected phones into tools for payment fraud.
-
AI-Targeted Cloaking Attacks Emerge, Threatening Information Integrity
Researchers have identified a novel ‘AI-targeted cloaking attack’ that manipulates AI crawlers into citing fabricated information as legitimate facts, impacting search results and potentially spreading misinformation.