Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
GootLoader Returns with Novel WOFF2 Font Obfuscation and WordPress Exploits
GootLoader returns with novel WOFF2 font obfuscation and WordPress exploits, rapidly compromising networks. The malware uses custom WOFF2 fonts and exploits WordPress comment sections to deliver malicious payloads.
-
Romania Finds Possible Drone Fragments After Russian Strikes on Ukraine
Romanian authorities discovered possible drone fragments in their southeastern border region after Russian aerial assaults targeted Ukrainian ports along the Danube River, escalating cross-border implications and highlighting NATO’s challenges in securing its borders.
-
Russia’s Ulyanovsk Region Imposes Permanent Mobile Internet Blackout
Russia’s Ulyanovsk region imposed the country’s first permanent mobile internet blackout, citing security concerns related to the ongoing “special military operation” in Ukraine.
-
China Showcases GJ-11 Stealth Drone with J-20S Fighter
China released new footage showing its GJ-11 stealth uncrewed combat air vehicle (UCAV), known as Xuanlong, operating with the J-20S stealth fighter, signaling its entry into regular training and active use within the Chinese Air Force.
-
AI Escalates Supply Chain Attacks, Overwhelming Traditional Defenses
AI-enabled supply chain attacks are rapidly increasing in sophistication and scale, posing significant challenges to traditional cybersecurity defenses. This article explores the rise of polymorphic and context-aware AI-generated malware, its real-world impacts, and the urgent need for adaptive security frameworks and regulatory compliance to combat these evolving threats.
-
OWASP Updates Top 10 Risks, Highlights Supply Chain and Systemic Flaws
OWASP has updated its Top 10 list of web application security risks, highlighting supply chain and systemic design weaknesses, marking its first major revision since 2021.
-
Critical XSS Flaw Found in GitHub Enterprise Server: Immediate Update Recommended
A critical DOM-based Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-11892, has been uncovered in GitHub Enterprise Server, posing a significant risk of privilege escalation and unauthorized workflow triggers. Immediate update to affected systems is highly recommended to mitigate this high-severity flaw.
-
Authenticated SQL Injection Exposes TorrentPier User Data
An authenticated SQL injection vulnerability, tracked as CVE-2025-64519, has been discovered in TorrentPier, the popular open-source BitTorrent tracker engine. The flaw allows malicious actors with moderator privileges to execute arbitrary SQL queries, posing a significant risk to the integrity and confidentiality of database information.
-
Critical Flaw in Soft Serve Git Server Exposes Internal Networks
A critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2025-64522, in Soft Serve Git server allows attackers to access internal networks. Organizations are urged to update to version 0.11.1 immediately to prevent data breaches and system compromise.
-
Military Experts Raise Alarms Over AI Chatbot Vulnerabilities: A New Front in Cyberwarfare
Military experts warn about critical security flaws in AI chatbots, specifically prompt injection attacks, which can be exploited by hostile foreign powers to compromise sensitive information and unleash chaos. The article highlights real-world vulnerabilities in popular LLMs like Google Gemini, OpenAI’s ChatGPT, and Microsoft Copilot, and the potential for adversaries to pilfer critical files, warp…