Most of us have some internet of things (IoT) devices at home, whether it's a phone, a tablet, or a collection of security cameras and sensors. When you learn that 120,000 home security cameras were hacked in South Korea for sexploitation footage, it makes you think twice about adding such devices to your home, which is your most sacred space for privacy.
Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). Patches for the flaws were released by Fortinet last week for FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. "These vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages, if the FortiCloud SSO feature is enabled on affected devices," Arctic Wolf Labs said in a new bulletin.
"SoundCloud recently detected unauthorized activity in an ancillary service dashboard," opens a Monday post from the company. "Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity. We also engaged leading third-party cybersecurity experts to assist in a thorough investigation and response." Not long after SoundCloud and its hired help contained the incident, the site became the subject of multiple denial of service attacks.
The Old Internet is built on Internet Protocol version 4. This was first used on ARPANET in 1983. It's the IP version that launched the modern Internet. It's what we - or at least the general public - think of as an IP address. Under the covers it's a 32 bit long identifier, but it's always displayed as four decimal numbers separated by periods, e.g. "208.87.129.176".
The online casino industry has always been driven by innovation, but no technological shift has been as transformative as the rise of blockchain and cryptocurrency. What started as an experimental payment method has now evolved into a powerful engine reshaping how players interact with gambling platforms. Even established brands like Win Olympia are adopting blockchain-driven features to stay ahead of the curve. From faster payments to unparalleled transparency, blockchain is not just enhancing the online casino experience-it is redefining it entirely.
CVE-2025-61675 (CVSS score: 8.6) - Numerous authenticated SQL injection vulnerabilities impacting four unique endpoints (basestation, model, firmware, and custom extension) and 11 affected parameters that enable read and write access to the underlying SQL database CVE-2025-61678 (CVSS score: 8.6) - An authenticated arbitrary file upload vulnerability that allows an attacker to exploit the firmware upload endpoint to upload a PHP web shell after obtaining a valid PHPSESSID and run arbitrary commands to leak the contents of sensitive files (e.g., "/etc/passwd")
Hundreds of millions of computers worldwide are still running Windows 10, months after the one-time king of PC operating systems officially passed its end-of-support deadline. If you're responsible for one of those machines and you aren't ready to upgrade to Windows 11, you can sign up today for an Extended Security Updates (ESU) subscription -- consumers can get those updates free through October 2026, as I explain here: How to get free Windows 10 security patches on your PC - from now to October 2026.
A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into malware via silent updates. In total, about 4.3 million users installed these once-legitimate add-ons, which suddenly went rogue with spyware and backdoor capabilities. This tactic was essentially a browser extension supply-chain attack. The ShadyPanda operators even earned featured and verified badges in the official Chrome Web Store and Microsoft Edge Add-ons site for some extensions, reinforcing user confidence. Because extension updates happen automatically in the background, the attackers were able to push out malicious code without users noticing a thing.
Jaguar Land Rover (JLR) has reportedly told staff the cyber-raid that crippled its operations in August didn't just bring production to a screeching halt - it also walked off with the personal payroll data of thousands of employees. The breach, which was pegged as one of the most costly in UK history, includes bank account details, tax codes, and other sensitive data related to staff salaries, benefits, and former employees. In an email to both current employees and former employees, seen by The Telegraph, JLR wrote: "While investigating, we have unfortunately identified that there has been unauthorised access to some personal data we process in the context of employment and some information needed to administer payroll, benefits and staff schemes to employees and dependents. This includes data of ex-JLR team members that has been stored."
Details of the six-year-old flaw were publicly shared by Cisco Talos in April 2019, describing it as an exploitable remote code execution vulnerability in the ACEManager "upload.cgi" function of Sierra Wireless AirLink ES450 firmware version 4.9.3. Talos reported the flaw to the Canadian company in December 2018. "This vulnerability exists in the file upload capability of templates within the AirLink 450," the company said. "When uploading template files, you can specify the name of the file that you are uploading."
Two people allegedly linked to China's infamous Salt Typhoon espionage hacking group seem to have previously received training through Cisco's prominent, long-running networking academy. Meanwhile, warnings are increasingly emerging from United States lawmakers in Congress that safeguards on expanded US wiretap powers have been failing, allowing US intelligence agencies to access more of Americans' data without adequate constraints. If you've been having trouble keeping track of all of the news and data coming out about infamous sex offender Jeffrey Epstein,
A security vulnerability in the Notepad++ update mechanism has been exploited to spread malicious code. What began as a report within the Notepad++ community at the end of October was later confirmed to be a structural weakness in the updater. Analysis by BleepingComputer shows that attackers were able to execute malware via this mechanism. Notepad++ has since released a fix in version 8.8.9.
A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online. Researchers from 0patch, the micropatching site, uncovered the denial-of-service (DoS) bug while investigating CVE-2025-59230, a Windows RasMan privilege escalation vulnerability that Redmond fixed in October, but not before attackers found and exploited the vulnerability.
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing it via 'mshta.exe,'" Morphisec researcher Yonatan Edri said in a report shared with The Hacker News.
This year, MITRE made headlines primarily because its leading vulnerability database was in danger of being discontinued. For years, another issue has been plaguing the American non-profit. The voluntary ATT&CK evaluations in which security players participate are no longer popular. Below, we explain why and what MITRE plans to do to turn the tide. This year's list of participants is particularly disappointing, not in terms of caliber, but in the length of its participant list.
LastPass failed customers and fell short on expectations that the company would employ robust measures to protect personal data. Password managers are a safe and effective tool for businesses and the public to manage their numerous login details and we continue to encourage their use, he said. However, as is clear from this incident, businesses offering these services should ensure that system access and use is restricted to ensure risks of attack are significantly reduced,
When he tested the token, Zimmermann said that it granted access to hundreds of private Home Depot source code repositories hosted on GitHub and allowed the ability to modify their contents. The researcher said the keys allowed access to Home Depot's cloud infrastructure, including its order fulfillment and inventory management systems, and code development pipelines, among other systems. Home Depot has hosted much of its developer and engineering infrastructure on GitHub since 2015, according to a customer profile on GitHub's website.
No one knows exactly when quantum computing will arrive, but accelerating progress is prompting security and IT leaders to recognise the potential risks. With near-weekly breakthroughs in large-scale quantum computing, and with regulators and large cyber security players treating the issue as urgent, quantum-driven threats are now starting to appear on boardroom agendas. So how do organisations begin implementing post-quantum cryptography (PQC)? In this article, I'll outline a roadmap to post-quantum readiness and highlight the most common pitfalls senior decision makers encounter along the way.
It has been a turbulent and transformative period defined by sweeping shifts in both job seeker behavior and employer expectations. Across the U.S., a wave of public sector professionals entered the private job market following major government agency restructurings, layoffs, and early retirement programs. Many of these candidates with specialized skill sets found themselves needing to quickly translate their government experience into private-sector language, just as the hiring landscape itself was rapidly evolving.
Curzon cinema has admitted a major app failure that left dozens of customers' personal details exposed to complete strangers. The upmarket cinema chain which runs 10 venues across London plus its Curzon Home Cinema streaming service said the error meant other users could see people's names, emails, phone numbers, dates of birth, profile photos and membership tiers. In some cases, even the last four digits of saved bank cards were visible.
When Fortra disclosed CVE-2025-10035 in GoAnywhere MFT, security teams would have experienced a familiar sinking feeling. Another critical vulnerability. Another emergency patch cycle. Another race against ransomware operators. Yet, this latest maximum-severity flaw revealed something more troubling than a single vendor's coding error. It exposed the fundamental fragility of how organizations handle their most sensitive data transfers. Unfortunately, the numbers don't lie. According to our research, Managed File Transfer (MFT) platforms carry a sky-high risk score (4.72), outpacing nearly every other data transfer technology.
Nearly half of the exposed images contained five or more secrets each. Flare's November 2025 scan of Docker Hub found 10,456 container images with exposed keys across 205 distinct namespaces. After filtering for high and critical severity findings, researchers successfully identified 101 companies behind the leaks. The exposed credentials ranged from AI model access tokens to cloud infrastructure keys and database passwords.
