Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
Chat control risk for cyber resilience
The Dutch intelligence service, AIVD, warns that a new EU proposal for ‘chat control’ could severely harm the Netherlands’ cyber resilience. They express concerns that voluntary message scanning might weaken security systems, making critical infrastructure and personal data vulnerable to cyberattacks, despite the aim to combat child sexual abuse material.
-
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security
Google has made a significant move: Android’s Quick Share now works with Apple’s AirDrop, enabling easier file and photo transfers between Android and iPhone devices. This cross-platform sharing feature, initially for Pixel 10 and expanding to more Android devices, was built with memory-safe Rust for robust security against common vulnerabilities, ensuring direct peer-to-peer transfers without…
-
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has issued urgent security updates for a critical vulnerability in its SCIM provisioning feature, carrying a maximum CVSS score of 10.0. This flaw (CVE-2025-41115) could allow attackers to escalate privileges or impersonate users, especially in Grafana versions 12.x where SCIM provisioning is active, leading to a newly provisioned user being treated as an existing…
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager (CVE-2025-52054). This flaw, with a CVSS score of 9.8, allows remote attackers to bypass authentication and gain unauthorized access, posing a significant risk of complete system compromise to affected versions.
-
Cabinet does not yet want to block takeover of cloud company Solvinity
The Dutch cabinet is reviewing a potential acquisition of cloud company Solvinity, which handles critical services like DigiD. Demissionary Minister Frank Rijkaart noted concerns but stated it’s too soon to block the deal, initiating a full investigation into the implications. Solvinity’s vital infrastructure supports key government systems, prompting questions from the House of Representatives. The…
-
Google: Data of two hundred Salesforce customers stolen via Gainsight apps
A major cyberattack has resulted in the theft of data from over 200 Salesforce customers, stemming from compromised Gainsight applications. The group claiming responsibility is known as “Scattered Lapsus$ Hunters,” also identified as UNC6040 by Google’s Mandiant team.
-
Bugcrowd Buys Mayhem Security for AI Hacking
Bugcrowd acquires Mayhem Security, an AI and cyber scaleup. This merger boosts ethical hacking with AI-powered testing. Mayhem’s AI platform offers continuous security testing. The collaboration aims to shrink attack surfaces and pre-empt risks.
-
Cloudflare Outage Disrupts X, ChatGPT
Cloudflare outage on November 18 disrupted major internet platforms globally. X (formerly Twitter) and ChatGPT were affected. Cloudflare investigated and resolved the widespread issue.
-
AI-Based Obfuscated Malware Evades AV Detection
Malicious Android applications use AI-powered obfuscation to bypass antivirus detection. These apps mimic delivery services, steal user data, and employ sophisticated evasion techniques. Security analysts identified advanced obfuscation, making reverse engineering difficult.
-
Grafana Patches Critical SCIM Flaw
Grafana has patched a critical security flaw, CVE-2025-41115, in its SCIM component. This vulnerability could lead to user impersonation or privilege escalation in affected Grafana Enterprise versions. Users are advised to update immediately.