Intelligence Domain

Cyber News & Updates

Breaking news, security alerts, and trending stories from across the cybersecurity landscape.

234 intelligence briefs
  • DarkSpectre Browser Extension Campaigns Expose 8.8 Million Users to Corporate Espionage

    DarkSpectre is a Chinese threat actor operating three browser extension campaigns infecting 8.8 million users across Chrome, Edge, and Firefox. ShadyPanda (5.6M users) executes mass surveillance and affiliate fraud. GhostPoster (1.05M) delivers steganographic payloads. The Zoom Stealer (2.2M) monitors 28+ video conferencing platforms, exfiltrating meeting URLs, participant lists, speaker identities, and company data in real-time.…

    5–8 minutes
  • Tokyo FM Data Breach Claims 3 Million Records Exposed

    On January 1, 2026, an attacker announced access to Tokyo FM Broadcasting Co., Ltd.’s internal systems, claiming to have exfiltrated 3 million listener and employee records. The dataset reportedly includes personal identifiers (names, emails, IP addresses), behavioral data (user agents), authentication tokens, and employment information. Tokyo FM has not yet issued public confirmation or customer…

    4–6 minutes
  • Roundcube CVE-2025-68461: SVG XSS Vulnerability Enables Silent Email Account Takeover Through Malicious Animate Tags

    Roundcube Webmail contains a Cross-Site Scripting vulnerability (CVE-2025-68461, CVSS 7.2) that enables attackers to hijack email accounts by sending malicious SVG files. The flaw exploits improper sanitization of SVG animate tags to execute JavaScript in victim browsers, granting full account access without credentials. Security patches are available for versions 1.5.12 and 1.6.12, but deployment lags…

    4–6 minutes
  • Undersea Cable Sabotage Suspected: Finland Detains Crew as NATO Infrastructure Faces Hybrid Warfare Threat

    On New Year’s Eve, a cargo ship dragged an anchor across a critical undersea cable linking Finland and Estonia, severing connectivity. Finnish authorities arrested two crew members for alleged sabotage, discovering the vessel also carried sanctioned Russian steel. The incident marks a turning point in hybrid warfare tactics targeting NATO critical infrastructure, raising urgent questions…

    4–6 minutes
  • RemoveWindowsAI: Complete AI Feature Removal for Windows Privacy, Control, and Defensive Hardening

    RemoveWindowsAI is a PowerShell-based tool for completely removing Microsoft’s built-in AI features from Windows 11 25H2 builds—Copilot, Recall, Input Insights, and AI-powered tools in Paint and Notepad. For defenders prioritizing privacy, system control, and operational security, this tool provides comprehensive disablement across registry keys, appx packages, Component-Based Servicing stores, and scheduled tasks. It includes backup…

    7–11 minutes
  • Japan’s Record Defense Budget: Strategic Pivot from Pacifism to Offensive Deterrence Against Rising Chinese Military Threat

    Japan’s Cabinet approved a record 9 trillion yen ($58 billion) defense budget for fiscal 2026, marking a 9.4% increase and the fourth consecutive year of a five-year military spending expansion. This budget funds Type-12 long-range missiles, AI-integrated drone systems, and next-generation fighter development, signaling Japan’s strategic pivot from pacifism to offensive deterrence against China’s rapid…

    4–6 minutes
  • Operation Absolute Resolve: U.S. Military Capture of Maduro and the Strategic Doctrine of Regime Change

    Operation Absolute Resolve marks a watershed moment: the U.S. military capture of a sitting Western Hemisphere leader using Delta Force operatives, RQ-170 stealth drones, and precision strikes on air defense systems. Trump pledges direct U.S. governance of Venezuela’s economy and oil infrastructure. The operation raises critical questions about international law, regime change doctrine, and American…

    5–7 minutes
  • GenWar Lab: Johns Hopkins APL’s Generative AI for Military Wargaming—Strategic Risks and the AI Validation Challenge

    Johns Hopkins Applied Physics Laboratory is launching the GenWar Lab in 2026 to accelerate military wargaming using generative AI. The facility will embed LLMs into tabletop exercises to generate AI agents, translate human commands to mathematical models, and conduct AI-only scenarios. While promising faster strategic planning, GenWar raises critical questions: Can LLMs be reliably benchmarked…

    7–11 minutes
  • SmarterTools SmarterMail CVE-2025-52691: Unauthenticated Arbitrary File Upload Enables Remote Code Execution on Email Gateways

    SmarterTools SmarterMail CVE-2025-52691 (CVSS 10.0) allows unauthenticated attackers to upload arbitrary files to mail servers, enabling immediate remote code execution. It affects Build 9406 and earlier and is patched in Build 9413 (Oct 9, 2025). SmarterMail is used by web hosting providers ASPnix, Hostek, and simplehosting.ch, which manage thousands of customer domains.

    11–16 minutes
  • IBM API Connect CVE-2025-13915: Critical Authentication Bypass Affecting Enterprise API Gateways at Major Financial and Telecom Organizations

    An authentication bypass in IBM API Connect (CVE-2025-13915, CVSS 9.8) allows remote attackers to bypass login mechanisms entirely and gain unauthorized access to centralized API gateways serving banks, airlines, and telecommunications companies. It affects versions 10.0.8.0-10.0.8.5, 10.0.11.0, and 10.0.15.0, with no evidence of active exploitation yet.

    12–19 minutes