The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by the broader cybersecurity community under the names CL-STA-0049, Earth Alux, and REF7707. The China-aligned hacking group is assessed to be active since at least March 2023.
As you were browsing something about your browser made us think you were a bot. There are a few reasons this might happen: You've disabled JavaScript in your web browser. You're a power user moving through this website with super-human speed. You've disabled cookies in your web browser. A third-party browser plugin, such as Ghostery or NoScript, is preventing JavaScript from running.
Illusory Systems, which trades as Nomad, allegedly misled users about the security of its cryptocurrency bridge, which was compromised in 2022 in an attack that led to $186 million worth of funds being stolen. The FTC alleged that Nomad pushed an update in June 2022 containing "inadequately tested code" that, in turn, introduced a "significant vulnerability" that was exploited around a month later.
Most of us have some internet of things (IoT) devices at home, whether it's a phone, a tablet, or a collection of security cameras and sensors. When you learn that 120,000 home security cameras were hacked in South Korea for sexploitation footage, it makes you think twice about adding such devices to your home, which is your most sacred space for privacy.
But for the better part of 2025, cofounder and CEO Matthew Prince has been trying to change that. The company's core business is to improve the performance and enhance the security of websites and online applications, protecting against malicious actors and routing web traffic through its data centers to optimize performance. "Six billion people pass through our network every single month," Prince says. If Cloudflare is doing its job well, no one notices.
Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). Patches for the flaws were released by Fortinet last week for FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. "These vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages, if the FortiCloud SSO feature is enabled on affected devices," Arctic Wolf Labs said in a new bulletin.
"SoundCloud recently detected unauthorized activity in an ancillary service dashboard," opens a Monday post from the company. "Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity. We also engaged leading third-party cybersecurity experts to assist in a thorough investigation and response." Not long after SoundCloud and its hired help contained the incident, the site became the subject of multiple denial of service attacks.
The Old Internet is built on Internet Protocol version 4. This was first used on ARPANET in 1983. It's the IP version that launched the modern Internet. It's what we - or at least the general public - think of as an IP address. Under the covers it's a 32 bit long identifier, but it's always displayed as four decimal numbers separated by periods, e.g. "208.87.129.176".
The online casino industry has always been driven by innovation, but no technological shift has been as transformative as the rise of blockchain and cryptocurrency. What started as an experimental payment method has now evolved into a powerful engine reshaping how players interact with gambling platforms. Even established brands like Win Olympia are adopting blockchain-driven features to stay ahead of the curve. From faster payments to unparalleled transparency, blockchain is not just enhancing the online casino experience-it is redefining it entirely.
CVE-2025-61675 (CVSS score: 8.6) - Numerous authenticated SQL injection vulnerabilities impacting four unique endpoints (basestation, model, firmware, and custom extension) and 11 affected parameters that enable read and write access to the underlying SQL database CVE-2025-61678 (CVSS score: 8.6) - An authenticated arbitrary file upload vulnerability that allows an attacker to exploit the firmware upload endpoint to upload a PHP web shell after obtaining a valid PHPSESSID and run arbitrary commands to leak the contents of sensitive files (e.g., "/etc/passwd")
Hundreds of millions of computers worldwide are still running Windows 10, months after the one-time king of PC operating systems officially passed its end-of-support deadline. If you're responsible for one of those machines and you aren't ready to upgrade to Windows 11, you can sign up today for an Extended Security Updates (ESU) subscription -- consumers can get those updates free through October 2026, as I explain here: How to get free Windows 10 security patches on your PC - from now to October 2026.
A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into malware via silent updates. In total, about 4.3 million users installed these once-legitimate add-ons, which suddenly went rogue with spyware and backdoor capabilities. This tactic was essentially a browser extension supply-chain attack. The ShadyPanda operators even earned featured and verified badges in the official Chrome Web Store and Microsoft Edge Add-ons site for some extensions, reinforcing user confidence. Because extension updates happen automatically in the background, the attackers were able to push out malicious code without users noticing a thing.
Jaguar Land Rover (JLR) has reportedly told staff the cyber-raid that crippled its operations in August didn't just bring production to a screeching halt - it also walked off with the personal payroll data of thousands of employees. The breach, which was pegged as one of the most costly in UK history, includes bank account details, tax codes, and other sensitive data related to staff salaries, benefits, and former employees. In an email to both current employees and former employees, seen by The Telegraph, JLR wrote: "While investigating, we have unfortunately identified that there has been unauthorised access to some personal data we process in the context of employment and some information needed to administer payroll, benefits and staff schemes to employees and dependents. This includes data of ex-JLR team members that has been stored."
Details of the six-year-old flaw were publicly shared by Cisco Talos in April 2019, describing it as an exploitable remote code execution vulnerability in the ACEManager "upload.cgi" function of Sierra Wireless AirLink ES450 firmware version 4.9.3. Talos reported the flaw to the Canadian company in December 2018. "This vulnerability exists in the file upload capability of templates within the AirLink 450," the company said. "When uploading template files, you can specify the name of the file that you are uploading."
Two people allegedly linked to China's infamous Salt Typhoon espionage hacking group seem to have previously received training through Cisco's prominent, long-running networking academy. Meanwhile, warnings are increasingly emerging from United States lawmakers in Congress that safeguards on expanded US wiretap powers have been failing, allowing US intelligence agencies to access more of Americans' data without adequate constraints. If you've been having trouble keeping track of all of the news and data coming out about infamous sex offender Jeffrey Epstein,
A security vulnerability in the Notepad++ update mechanism has been exploited to spread malicious code. What began as a report within the Notepad++ community at the end of October was later confirmed to be a structural weakness in the updater. Analysis by BleepingComputer shows that attackers were able to execute malware via this mechanism. Notepad++ has since released a fix in version 8.8.9.
A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online. Researchers from 0patch, the micropatching site, uncovered the denial-of-service (DoS) bug while investigating CVE-2025-59230, a Windows RasMan privilege escalation vulnerability that Redmond fixed in October, but not before attackers found and exploited the vulnerability.
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing it via 'mshta.exe,'" Morphisec researcher Yonatan Edri said in a report shared with The Hacker News.
This year, MITRE made headlines primarily because its leading vulnerability database was in danger of being discontinued. For years, another issue has been plaguing the American non-profit. The voluntary ATT&CK evaluations in which security players participate are no longer popular. Below, we explain why and what MITRE plans to do to turn the tide. This year's list of participants is particularly disappointing, not in terms of caliber, but in the length of its participant list.
LastPass failed customers and fell short on expectations that the company would employ robust measures to protect personal data. Password managers are a safe and effective tool for businesses and the public to manage their numerous login details and we continue to encourage their use, he said. However, as is clear from this incident, businesses offering these services should ensure that system access and use is restricted to ensure risks of attack are significantly reduced,
When he tested the token, Zimmermann said that it granted access to hundreds of private Home Depot source code repositories hosted on GitHub and allowed the ability to modify their contents. The researcher said the keys allowed access to Home Depot's cloud infrastructure, including its order fulfillment and inventory management systems, and code development pipelines, among other systems. Home Depot has hosted much of its developer and engineering infrastructure on GitHub since 2015, according to a customer profile on GitHub's website.
No one knows exactly when quantum computing will arrive, but accelerating progress is prompting security and IT leaders to recognise the potential risks. With near-weekly breakthroughs in large-scale quantum computing, and with regulators and large cyber security players treating the issue as urgent, quantum-driven threats are now starting to appear on boardroom agendas. So how do organisations begin implementing post-quantum cryptography (PQC)? In this article, I'll outline a roadmap to post-quantum readiness and highlight the most common pitfalls senior decision makers encounter along the way.
It has been a turbulent and transformative period defined by sweeping shifts in both job seeker behavior and employer expectations. Across the U.S., a wave of public sector professionals entered the private job market following major government agency restructurings, layoffs, and early retirement programs. Many of these candidates with specialized skill sets found themselves needing to quickly translate their government experience into private-sector language, just as the hiring landscape itself was rapidly evolving.
