General cybersecurity industry news, market trends, and analysis
All the flaws could have also been found by an elite human researcher, according to Mozilla.
Lotus Wiper hit Venezuela’s energy sector in late 2025, exploiting pre-Windows 10 1803 systems, wiping drives and crippling operations.
The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.
Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single admin authorized.
Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware.
CVE-2026-40372 scores 9.1 due to cryptographic flaw in ASP.NET Core 10.0.0–10.0.6, risking SYSTEM access.
The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws.
Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and U.S. policy circles.
CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container escape.
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted.
Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.
SystemBC C2 exposed 1,570+ victims tied to The Gentlemen since July 2025, revealing expanding ransomware scale.
