The second half of 2025 underscored how quickly adversaries adapt, with AI-driven malware moving from concept to reality and ransomware activity breaking records. AI goes operational ESET uncovered …

An ongoing AWS-wide cryptomining campaign is abusing stolen IAM credentials to spin up miners within minutes, Amazon reports. First spotted by GuardDuty and automated monitoring on November 2, 2025, …

Amazon’s threat intelligence unit has uncovered a years-long Russian GRU (APT44) campaign targeting Western critical infrastructure, with a sustained focus on energy providers and cloud-hosted …

This week’s security roundup is a patch-now moment. Actively exploited flaws are hitting software most of us use daily—phones, browsers, archives, and popular frameworks. Threat of the week Apple and …

A new ransomware-as-a-service called VolkLocker, run by the pro-Russian hacktivist group CyberVolk (aka GLORIAMIST), contains a critical design flaw that can allow file recovery without paying. …

A new phishing wave in Russia is pushing Phantom Stealer via malicious ISO images, with finance and accounting teams most at risk. Seqrite Labs tracks the operation as "Operation MoneyMount-ISO," …

FreePBX fixed multiple high-severity flaws that can chain into remote code execution (RCE) under certain configurations. Discovered by Horizon3.ai and reported on September 15, 2025, the bugs span …

Koi Security reports that Urban VPN Proxy—a Chrome Web Store "Featured" extension with 6 million users (and 1.3 million installs on Microsoft Edge)—silently intercepted and uploaded AI chatbot …

Threat actors are seeding GitHub with fake OSINT, GPT wrappers, DeFi bots, and security utilities to deliver PyStoreRAT, a previously undocumented modular JavaScript RAT. The loaders are tiny Python …

CISA has added CVE-2018-4063 to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation targeting Sierra Wireless AirLink ALEOS routers. The high-severity flaw (CVSS …