Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
CISA warns of Chinese “BrickStorm” malware attacks on VMware servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. In a joint malware analysis report with the National Security Agency (NSA) and Canada’s Cyber Security Centre, CISA says it analyzed eight Brickstorm malware samples. These samples were discovered on networks belonging to victim organizations, where […]
Contractors with hacking records accused of wiping 96 govt databases
U.S. prosecutors have charged two Virginia brothers arrested on Wednesday with allegedly conspiring to steal sensitive information and destroy government databases after being fired from their jobs as federal contractors. Twin brothers Muneeb and Sohaib Akhter, both 34, were also sentenced to several years in prison in June 2015, after pleading guilty to accessing U.S. State Department systems without […]
Critical React, Next.js flaw lets hackers execute code on servers
A maximum severity vulnerability, dubbed ‘React2Shell’, in the React Server Components (RSC) ‘Flight’ protocol allows remote code execution without authentication in React and Next.js applications. The security issue stems from insecure deserialization. It received a severity score of 10/10 and has been assigned the identifiers CVE-2025-55182 for React and CVE-2025-66478 (CVE rejected in the National Vulnerability Database) for Next.js. Security researcher Lachlan Davidson discovered […]
Marquis data breach impacts over 74 US banks, credit unions
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. Marquis Software Solutions provides data analytics, CRM tools, compliance reporting, and digital marketing services to over 700 banks, credit unions, and mortgage lenders. In data breach notifications filed with US […]
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. The threat activity started on October 31, just a day after the issue was publicly disclosed. So far, the Wordfence security scanner from Defiant, a company that provides […]
French DIY retail giant Leroy Merlin discloses a data breach
French home improvement and gardening retailer Leroy Merlin is notifying customers that their personal info has been compromised in a data breach. Leroy Merlin operates in multiple European countries as well as in South Africa and Brazil, employs 165,000 people, and has an annual revenue of $9.9 billion. The incident affects only customers in France, according to […]
Freedom Mobile discloses data breach exposing customer data
Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. Founded in 2008 as Wind Mobile by telecommunications provider Globalive, Freedom has over 2,2 million subscribers and now says it provides coverage to […]
Russia blocks Roblox over distribution of LGBT “propaganda”
Roskomnadzor, Russia’s telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials. “Roskomnadzor has restricted access to the American Internet service Roblox in connection with the revealed facts of mass and repeated dissemination of materials with propaganda and […]
Google expands Android scam protection feature to Chase, Cash App in U.S.
Google is expanding support for its Android’s in-call scam protection to multiple banks and financial applications in the United States. The announcement specifically mentions the addition of fintech app Cash App, which has 57 million users, and the JPMorganChase mobile banking app, which has more than 50 million downloads on Google Play. In-call scam protection is a new feature […]
Microsoft “mitigates” Windows LNK flaw exploited as zero-day
Microsoft has silently “mitigated” a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as CVE-2025-9491, this security flaw allows attackers to hide malicious commands within Windows LNK files, which can be used to deploy malware and gain persistence on compromised devices. However, the attacks require user interaction to […]