17 Jul, 2026

Fortinet warns of new FortiWeb zero-day exploited in attacks

Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. Tracked as CVE-2025-58034, this web application firewall security flaw was reported by Jason McFadyen of Trend Micro’s Trend Research team. Authenticated threat actors can gain code execution by successfully exploiting this OS command injection vulnerability in […]

2 mins read

Microsoft to integrate Sysmon directly into Windows 11, Server 2025

Microsoft announced today that it will integrate Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tools. “Next year, Windows updates for Windows 11 and Windows Server 2025 will bring Sysmon functionality natively to Windows,” reads an announcement by Sysinternals creator Mark Russinovich. “Sysmon functionality allows you […]

3 mins read

Microsoft Teams to let users report messages wrongly flagged as threats

Microsoft says that Teams users will be able to report false-positive threat alerts triggered by messages incorrectly flagged as malicious. This new feature was first announced in September, when it entered a targeted rollout phase, and will roll out to users worldwide by the end of November 2025. “Microsoft Teams now enables users to report messages they […]

2 mins read

French agency Pajemploi reports data breach affecting 1.2M people

Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals. The incident impacts registered professional caregivers working for private employers, typically parents using the Pajemploi service part of URSSAF – the French organization that collects social security contributions from […]

2 mins read

Google fixes new Chrome zero-day flaw exploited in attacks

Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. “Google is aware that an exploit for CVE-2025-13223 exists in the wild,” the search giant warned in a security advisory published on Monday. This high-severity vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine, reported last […]

2 mins read

Malicious NPM packages abuse Adspect redirects to evade security

Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. The purpose of the attack is to lead victims to cryptocurrency scam sites, according to an analysis from researchers at application security company Socket. All malicious packages were published under the developer […]

4 mins read

RondoDox botnet malware now hacks servers using XWiki flaw

The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. On October 30, the U.S. Cybersecurity and Information Security Agency (CISA) marked the flaw as actively exploited. Now, a report from vulnerability intelligence company VulnCheck notes that CVE-2025-24893 is being leveraged in attacks by multiple threat actors, including botnet operators […]

2 mins read

Eurofiber France warns of breach after hacker tries to sell customer data

Eurofiber France disclosed a data breach it discovered late last week when hackers gained access to its ticket management system by exploiting a vulnerability and exfiltrated information. Eurofiber France SAS is the French unit of the Eurofiber Group N.V., a Dutch telecommunications service provider that operates a fiber network of 76,000 km across the Netherlands, Belgium, […]

2 mins read

Princeton University discloses data breach affecting donors, alumni

A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students. According to a FAQ page issued on Saturday, the threat actors breached Princeton’s systems by targeting a University employee in a phishing attack. This allowed them to gain access to “biographical information […]

3 mins read

Dutch police seizes 250 servers used by “bulletproof hosting” service

The police in the Netherlands have seized around 250 physical servers powering a bulletproof hosting service in the country used exclusively by cybercriminals for providing complete anonymity. Politie, the police force in the Netherlands, did not name the service but said that it has been used for illicit activities since 2022, and has emerged in more than […]

3 mins read