18 Jul, 2026

Gmail business users can now send encrypted emails to anyone

Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. To send an end-to-end encrypted email, Gmail users have to turn on the “Additional encription” option when writing the message, which ensures that the email will be automatically decrypted when the recipient is a Google […]

2 mins read

Microsoft Outlook stops displaying inline SVG images used in attacks

Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. This change began rolling out worldwide in early September 2025 and is expected to be completed for all customers by mid-October 2025. Redmond added that this change will affect less […]

2 mins read

DrayTek warns of remote code execution bug in Vigor routers

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code. The flaw, tracked identified as CVE-2025-10547, was reported to the vendor on July 22 by ChapsVision security researcher Pierre-Yves Maes. “The vulnerability can be triggered when unauthenticated remote attackers send […]

2 mins read

HackerOne paid $81 million in bug bounties over the past year

Bug bounty platform HackerOne has paid $81 million in rewards to white-hat hackers worldwide over the past 12 months. HackerOne manages over 1,950 bug bounty programs and provides vulnerability disclosure, penetration testing, and code security services to many organizations. Its list of customers includes high-profile companies such as Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, […]

2 mins read

Android spyware campaigns impersonate Signal and ToTok messengers

Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data. To give the malicious files a sense of legitimacy, the threat actor distributed them through websites that impersonated the two communication platforms. Signal is a popular […]

4 mins read

Red Hat confirms security incident after hackers claim GitHub breach

An extortion group calling itself the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms. A CER is a consulting document prepared for […]

2 mins read

Clop extortion emails claim theft of Oracle E-Business Suite data

Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the campaign began in late September. “This activity began on or before September […]

3 mins read

Data breach at dealership software provider impacts 766k clients

A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. Motility (formerly known as Systems 2000/Sys2K) is a provider of DMS software used by 7,000 dealerships (automotive, powersports, marine, heavy-duty, and RV retail) across the United States. Its products cover customer relationship management (CRM), […]

2 mins read

Adobe Analytics bug leaked customer tracking data to other tenants

Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. Adobe disclosed the issue on its status page, stating that it began on September 17, 2025, at 12:20 UTC, when a performance optimization change introduced a bug in Analytics […]

3 mins read

F-Droid project threatened by Google’s new dev registration rules

F-Droid is warning that the project could reach an end due to Google’s new requirements for all Android developers to verify their identity. The third-party app store argues that Google falsely frames this new requirement as a security measure against malware and the purpose is to tighten the grip on “a formerly open ecosystem.” F-Droid […]

3 mins read