Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
Rotterdam: Explosions Up, Shootings Down in 2025
Rotterdam reports a rise in explosions and a drop in shootings for 2025. Mayor Schouten’s report highlights urban stability challenges and efforts to prevent youth violence.
-
AFM Warns of AI-Driven Market Risks
The Dutch financial authority (AFM) flags escalating economic risks from rapid tech changes and AI-driven markets, urging stronger resilience and adaptive regulation.
-
Critical Quest KACE SMA RCE (CVE-2025-32975) Under Attack
Threat actors are actively exploiting CVE-2025-32975, a critical path traversal vulnerability in Quest KACE Systems Management Appliance (SMA) with a CVSS score of 10.0, to achieve unauthenticated remote code execution. Patches were released on March 18, 2026.
-
Trivy Supply Chain Attack Spreads Infostealer, Worm, and Kubernetes Wiper via Docker Hub
A supply chain attack targeting Aqua Security’s Trivy vulnerability scanner led to the distribution of malicious artifacts via Docker Hub, deploying TeamPCP infostealer, a worm, and a Kubernetes wiper.
-
Hong Kong Police Can Demand Phone Passwords Under New Security Law
Hong Kong police can now legally demand phone and computer passwords from individuals suspected of breaching the National Security Law (NSL), with refusal leading to up to one year in jail and hefty fines.
-
North Korean Hackers Deploy StoatWaffle Malware via VS Code Projects
A North Korean threat actor, tracked as WaterPlum, is using malicious Visual Studio Code projects to distribute a new malware family called StoatWaffle. The campaign leverages a feature in VS Code to automatically execute code when a project is opened.
-
CISA Warns on Microsoft Intune After Stryker Cyberattack
CISA said on March 19 it is aware of malicious activity targeting endpoint management systems and urged organizations to harden Microsoft Intune configurations after the March 11 cyberattack on Michigan-based medical technology company Stryker.
-
CISA adds two actively exploited vulnerabilities to KEV catalog
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog in a March 13 alert, requiring federal agencies to remediate the flaws by a set deadline under Binding Operational Directive 22-01.
-
CISA adds five actively exploited vulnerabilities to KEV catalog
CISA has added five vulnerabilities affecting Advantive VeraCore, Ivanti EPM, Microsoft .NET Framework, and D-Link DIR-859 routers to its Known Exploited Vulnerabilities catalog, ordering federal agencies to remediate them by set deadlines.
-
Apple updates older iPhones and iPads for WebKit flaw exploited in Coruna spyware attacks
Apple has released security updates for older iPhone and iPad models to fix a WebKit vulnerability that was exploited in the wild and linked to Coruna spyware attacks.