UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts.

The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.

The bipartisan legislation would codify the agency’s position as the one in charge of coordinating responses to incidents like the breach on U.S. telecoms.

BlackSuit, a rebranded Royal/Conti ransomware, unleashes destructive multi-stage attacks. It uses Cobalt Strike, rclone for data exfil, and deletes shadow copies for stealth and speed.

A flaw (CVE-2025-43856) in Immich allows account hijacking via a broken OAuth2 implementation (missing state parameter check). Update to v1.132.0 immediately!

Unit 42 uncovers HazyBeacon, a novel backdoor using AWS Lambda URLs for stealthy C2. It's deployed via DLL sideloading, targeting Southeast Asian govts for trade documents.

North Korean APTs are using XORIndex malware in a new npm supply chain attack, infiltrating developers via 67 malicious packages to steal crypto wallets and credentials.

A flaw (CVE-2025-53101) in ImageMagick allows stack buffer overflows via filename templates, risking memory corruption and remote code execution. Patch now!

CISA adds critical Wing FTP Server RCE flaw (CVE-2025-47812, CVSS 10.0) to KEV. Actively exploited via null byte and Lua code injection; patch to 7.4.4 immediately!

Google officially confirmed plans to unify Android and ChromeOS into a single platform, aiming for seamless cross-device experiences and streamlined development for its AI-driven future.

A critical SSTI flaw (CVE-2025-53833, CVSS 10.0) in LaRecipe allows unauthenticated RCE on affected servers via template injection. Update to v2.8.1 immediately!

A Russian crypto developer lost $500K after installing a fraudulent "Solidity Language" extension for Cursor AI IDE from Open VSX, which deployed malware for remote access and data theft.

A Maryland-based IT firm, Hill ASC Inc., has agreed to fork over at least $14.75 million in a settlement that brings the federal contractors under the

FBI seizes multiple piracy sites for Nintendo Switch and PlayStation 4 games, dismantling their infrastructure.

Unit 42 researchers from Palo Alto Networks have been monitoring a sophisticated threat cluster designated CL-STA-1020.

Researchers have unveiled a sprawling cybercrime syndicate orchestrating an elaborate phishing and investment fraud campaign.

AWS replaced its 1-year free tier with a credit-based model (up to $200 credits, 6 months max) for new users, effective July 15, 2025. Accounts close if not upgraded.

Jack Dorsey launches "Sun Day," a new iOS app for tracking personal sun exposure, UV radiation, and estimating Vitamin D synthesis based on user data.

Meta's multi-billion dollar investment in gigawatt-scale AI data centers is raising alarms over massive water consumption and escalating community tensions.

Microsoft extends Windows 10 security updates via ESU until Oct 2028 and Microsoft 365 support, giving users more time to migrate to Windows 11.

The U.S. DoD is investing up to $200M in AI firms like OpenAI, Google, Anthropic, and xAI to develop advanced AI for military applications and "superintelligence."