Compromised PyPI Package Imitating Solana Tool Leads to Source Code Exfiltration in 761 Instances
Cybersecurity researchers have identified a malicious package within the Python Package Index (PyPI) repository, masquerading as an application related to the Solana blockchain. This package, termed solana-token, has been…

SAP Addresses Second Zero-Day Vulnerability Targeted in Recent Attack Campaigns
SAP has released critical security patches to address a second vulnerability that has been exploited in recent attacks targeting SAP NetWeaver servers. The new vulnerability, identified as CVE-2025-42999, was…

DPRK-Backed TA406 Conducts Malicious Campaigns Against Ukraine
A new cyber espionage campaign has emerged, targeting Ukrainian government entities, according to recent findings from cybersecurity researchers. This operation has been linked to the North Korean state-aligned threat…

CISA Includes TeleMessage Vulnerability in KEV List After Security Breach
CISA has officially added a vulnerability found in TeleMessage to its Known Exploited Vulnerabilities (KEV) list. This decision comes in light of a recent breach that compromised multiple organizations,…

Investigation Initiated into N.W.T. Medical Record System Following Two Reported Incidents of Unauthorized Access
Medical records represent some of the most sensitive information managed by government agencies. Recent incidents involving employees of the Northwest Territories Health and Social Services Authority underscore the vulnerability…

North Korean Konni APT Leverages Malware to Monitor Developments in the Russian Invasion of Ukraine
The North Korean threat actor known as Konni APT has recently been implicated in a phishing campaign targeting government entities in Ukraine, expanding its focus beyond previous targets in…

North Korea Intensifies Cyber Espionage Activities in Ukraine to Evaluate Conflict Risks
The state-sponsored North Korean hacking group known as Konni (also referred to as Opal Sleet or TA406) has intensified its cyber espionage operations directed at Ukrainian governmental organizations. This…

European Vulnerability Database Introduced in Response to US CVE Disruptions
Europe’s cybersecurity agency has officially launched a comprehensive vulnerability database initiative, aimed to aid network defenders amidst ongoing challenges in the U.S. vulnerability management sector.

The new European Vulnerability…

Data Breach: Exposure of Information from 3 Million Students and Coaches in PrepHero-Linked Database
A recent security breach at PrepHero, a college recruiting platform, has resulted in the exposure of millions of unencrypted records, encompassing sensitive personal information of users. This incident raises…

Microsoft Addresses 78 Vulnerabilities, Including 5 Exploited Zero-Day Threats; Critical CVSS 10 Vulnerability Affects Azure DevOps Server
Microsoft has released updates to address 78 security vulnerabilities across its software ecosystem, including five critical zero-day vulnerabilities currently under active exploitation.

Among the resolved vulnerabilities, 11 have been…

Twilio Refutes Claims of Data Breach in Response to Alleged Leakage of Steam Two-Factor Authentication Codes
Twilio has issued a statement denying any breach of its systems after a threat actor claimed to possess over 89 million Steam user records, including one-time access codes. The…

Emerging ‘Chihuahua Stealer’ Malware Compromises Browser Data and Cryptocurrency Wallets
A new infostealer, identified as “Chihuahua Stealer,” combines traditional malware tactics with advanced functionalities, raising concerns within the cybersecurity community. The malware was initially reported by a Reddit user…

Apple Agrees to Settlement of $95 Million in Siri Surveillance Litigation – Application Details Enclosed
Apple has agreed to pay $95 million to settle allegations regarding unauthorized recordings made by Siri, its voice-activated assistant. This settlement comes in response to claims that the company…

CTM360 Discovers Increased Incidence of Phishing Attacks Aimed at Meta Business Users
A new global phishing threat identified as “Meta Mirage” has emerged, specifically targeting organizations that utilize Meta’s Business Suite. This campaign primarily focuses on hijacking high-value accounts associated with…

Microsoft Addresses Booting Challenges on Dual-Boot Windows and Linux Environments
Microsoft has addressed a significant issue that was preventing Linux from booting on dual-boot systems where Secure Boot was enabled, following the installation of the August 2024 Windows security…

Android Enterprise Introduces Device Trust for Enhanced Security
A new security solution, Device Trust, has been introduced by Android Enterprise to enhance the security of Android devices. This initiative is particularly timely as organizations navigate the complexities…

Xinbi Telegram Marketplace Linked to $8.4 Billion in Cryptocurrency-Related Criminal Activities, Including Romance Scams and North Korean Money Laundering
A Telegram-based marketplace facilitating illicit transactions, named Xinbi Guarantee, has processed transactions totaling approximately $8.4 billion since its inception in 2022. This establishment has emerged as the second notable…

Incident Involving Disclosure of Documents by the Australian Human Rights Commission to Search Engine Platforms
The Australian Human Rights Commission (AHRC) has confirmed a serious data breach involving the unauthorized exposure of sensitive documents that were subsequently indexed by major search engines.

The breach…

Samsung Implements Security Patch for CVE-2025-4632 Exploited in Mirai Botnet Deployment via MagicINFO 9 Vulnerability
Samsung has implemented software updates to rectify a critical security vulnerability identified in the MagicINFO 9 Server, which has been the target of active exploitation.

This vulnerability, designated as…

Google Chrome Implements Restrictions on Admin-Level Browser Launches to Enhance Security Measures
Google is implementing a significant update to Chromium that modifies Google Chrome’s operational privileges to enhance security within Windows environments. This initiative aims to prevent the browser from running…