Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Barts Health NHS discloses data breach after Oracle zero-day hack
Barts Health NHS Trust, a major healthcare provider in England, announced that Clop ransomware actors have stolen files from one of its databases after exploiting a vulnerability in its Oracle E-business Suite software. The stolen data are invoices spanning several years that expose the full names and addresses of individuals who paid for treatment or other services […]
FBI warns of virtual kidnapping scams using altered social media photos
The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. This is part of a public service announcement published today about criminals contacting victims via text message, claiming to have kidnapped a family member and demanding ransom payments. However, as […]
EU fines X $140 million over deceptive blue checkmarks
The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). This is the first non-compliance ruling under the DSA, a set of rules adopted in 2022 that requires platforms to remove harmful content and protect users across the European Union. The fine was issued following a two-year […]
Cloudflare blames today’s outage on React2Shell mitigations
Earlier today, Cloudflare experienced a widespread outage that caused websites and online platforms worldwide to go down, returning a “500 Internal Server Error” message. The internet infrastructure company has now blamed the incident on the rollout of emergency mitigations designed to address a critical remote code execution vulnerability in React Server Components, which is now actively exploited […]
Pharma firm Inotiv discloses data breach after ransomware attack
American pharmaceutical firm Inotiv is notifying thousands of people that they’re personal information was stolen in an August 2025 ransomware attack. Inotiv is an Indiana-based contract research organization specializing in drug development, discovery, and safety assessment, as well as live-animal research modeling. The company has about 2,000 employees and an annual revenue exceeding $500 million. When […]
Critical React2Shell flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. React2Shell is an insecure deserialization vulnerability in the React Server Components (RSC) ‘Flight’ protocol. Exploiting it does not require authentication and allows remote execution of JavaScript code in the server’s context. For the Next.js framework, […]
Cloudflare down, websites offline with 500 Internal Server Error
Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare has confirmed that it’s investigating the reports. Cloudflare, a service that many websites use to stay fast and secure, is currently facing problems. Because of this, people visiting some websites are seeing a “500 Internal Server Error” message instead of the […]
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security update, but has not assigned an identifier, complicating efforts to track the flaw and patch management. An advisory from Japan’s Computer Emergency and Response Team (CERT) warns […]
Predator spyware uses new infection vector for zero-click attacks
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed “Aladdin,” which compromised specific targets by simply viewing a malicious advertisement. This powerful and previously unknown infection vector is meticulously hidden behind shell companies spread across multiple countries, now uncovered in a new joint investigation by Inside Story, Haaretz, and WAV Research Collective. […]
Russia blocks FaceTime and Snapchat for alleged use by terrorists
Russian telecommunications watchdog Roskomnadzor has blocked access to Apple’s FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they’re being used to coordinate terrorist attacks. Roskomnadzor said that the two platforms are also being used to recruit criminals and to commit fraud and various other crimes targeting Russian citizens. “According to law enforcement […]