Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Gmail business users can now send encrypted emails to anyone
Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. To send an end-to-end encrypted email, Gmail users have to turn on the “Additional encription” option when writing the message, which ensures that the email will be automatically decrypted when the recipient is a Google […]
Microsoft Outlook stops displaying inline SVG images used in attacks
Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. This change began rolling out worldwide in early September 2025 and is expected to be completed for all customers by mid-October 2025. Redmond added that this change will affect less […]
DrayTek warns of remote code execution bug in Vigor routers
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code. The flaw, tracked identified as CVE-2025-10547, was reported to the vendor on July 22 by ChapsVision security researcher Pierre-Yves Maes. “The vulnerability can be triggered when unauthenticated remote attackers send […]
HackerOne paid $81 million in bug bounties over the past year
Bug bounty platform HackerOne has paid $81 million in rewards to white-hat hackers worldwide over the past 12 months. HackerOne manages over 1,950 bug bounty programs and provides vulnerability disclosure, penetration testing, and code security services to many organizations. Its list of customers includes high-profile companies such as Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, […]
Android spyware campaigns impersonate Signal and ToTok messengers
Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data. To give the malicious files a sense of legitimacy, the threat actor distributed them through websites that impersonated the two communication platforms. Signal is a popular […]
Red Hat confirms security incident after hackers claim GitHub breach
An extortion group calling itself the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms. A CER is a consulting document prepared for […]
Clop extortion emails claim theft of Oracle E-Business Suite data
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the campaign began in late September. “This activity began on or before September […]
Data breach at dealership software provider impacts 766k clients
A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. Motility (formerly known as Systems 2000/Sys2K) is a provider of DMS software used by 7,000 dealerships (automotive, powersports, marine, heavy-duty, and RV retail) across the United States. Its products cover customer relationship management (CRM), […]
Adobe Analytics bug leaked customer tracking data to other tenants
Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. Adobe disclosed the issue on its status page, stating that it began on September 17, 2025, at 12:20 UTC, when a performance optimization change introduced a bug in Analytics […]
F-Droid project threatened by Google’s new dev registration rules
F-Droid is warning that the project could reach an end due to Google’s new requirements for all Android developers to verify their identity. The third-party app store argues that Google falsely frames this new requirement as a security measure against malware and the purpose is to tighten the grip on “a formerly open ecosystem.” F-Droid […]