Apple has released urgent security updates across iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari to fix two WebKit zero-day vulnerabilities actively exploited in the wild. If you use any …

GenAI now lives in the browser—from web LLMs and copilots to AI-powered extensions and agentic browsers. Employees paste emails, code, and docs into prompts or upload files, creating a blind spot …

A critical React2Shell flaw is fueling large-scale, real-world attacks, pushing U.S. federal agencies and enterprises worldwide into rapid mitigation mode. Why it matters: CISA has added …

React has shipped fixes for new React Server Components vulnerabilities that can trigger denial-of-service or expose server function source code. The issues surfaced as researchers probed workarounds …

CISA has added a high-severity OSGeo GeoServer flaw to its Known Exploited Vulnerabilities (KEV) catalog after evidence of in-the-wild abuse, urging immediate patching by affected organizations. Key …

Modern buildings often hide outdated building management systems (BMS) that were never meant to face the open internet. At Black Hat Europe 2025, Gjoko Krstic of Zero Science Lab presented A City of …

Overview WIRTE, tracked by Unit 42 as Ashen Lepus, has run a persistent espionage campaign against government and diplomatic entities across the Middle East since at least 2018. Since 2020, the group …

A high-severity, unpatched zero-day in Gogs is being actively exploited, with more than 700 internet-facing instances showing signs of compromise, according to Wiz. Tracked as CVE-2025-8110 (CVSS …

This week’s Threatsday roundup distills 26 fast-moving cyber stories into what matters for defenders and decision-makers. Maritime IoT targeted: Broadside, a Mirai variant, exploits TBK DVR …

As Non-Human Identities (NHIs) multiply across enterprises, Robotic Process Automation (RPA) is speeding up work—and expanding the IAM attack surface. To capture the efficiency gains without inviting …