The browser extension Urban VPN Proxy has been reportedly collecting users’ AI chat conversations

A flaw in JumpCloud Remote Assist for Windows has exposed managed endpoints to local privilege escalation and denial-of-service attacks

Amazon researchers believe this campaign is part of a bigger operation spearheaded by Russia’s military intelligence service, the GRU

US financial services firm Credit700 has revealed a major data breach impacting 5.8 million people

Check Point has detected thousands of phishing emails in the past fortnight, offering fake promotions and special deals

A Minnesota man has pleaded guilty to a credential stuffing scheme that compromised over 60,000 accounts

A new phishing campaign has been identified, delivering the Phantom information-stealing malware via an ISO attachment

Asahi Group’s CEO said he is considering creating a dedicated cyber unit following the ransomware attack that crippled the company

MITRE has released its Top 25 CWE list for 2025, compiled from software and hardware flaws behind almost 40,000 CVEs

The UK’s National Cyber Security Centre has called on businesses to apply Cyber Essentials to suppliers

The National Cyber Security Centre has released new learnings from a cyber deception pilot

The UK’s data protection regulator has fined password manager provider LastPass £1.2m after 2022 data breach

The Coupang South Korean unit's response will be spearheaded by an executive based in the US

OpenAI has reported a surge in performance as GPT-5.1-Codex-Max reaching 76% in capability assessments, and warned of upcoming cyber-risks

A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders

Experts say a new Firm Checker tool from the FCA won’t move the dial on fraud but is a step in the right direction

Google has released a Chrome security update to fix three zero-day vulnerabilities, including a high-severity flaw with an active exploit

New ITRC research finds 81% of US small businesses suffered a data or security breach in the past year

A new malware campaign has been identified using a Python-based delivery system to deploy CastleLoader malware

Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems

The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing

Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug

December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days

Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean hackers’ involvement

Two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, have been observed harvesting sensitive user data

Cisco Talos has detected new tactics from a financially motivated actor using DeadLock ransomware

The UK’s National Cyber Security Centre has warned of the dangers of comparing prompt injection to SQL injection

Gartner has called for organizations to block today’s AI browsers on security concerns

A new version of ClayRat Android spyware features enhanced surveillance and device-control features

A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US

React2Shell (CVE-2025-55182) is under active exploitation by Earth Lamia and Jackpot Panda, risking over two million instances worldwide

Security researchers will now be protected from prosecution in Portugal as long as they meet certain conditions

A Home Office report has revealed racial bias in facial recognition technology used by police

Barts Health NHS Trust has revealed itself to be the latest victim of Cl0p’s Oracle EBS campaign

A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations

CrowdStrike warned that Warp Panda, a China-linked cyber-espionage group, is targeting US organizations to steal sensitive data and support Beijing’s strategic interests

The French museum is planning to revamp its safety and security systems following a high-profile burglary in October

Data leaks have shed a new light on Intellexa’s flagship spyware infrastructure and attack vectors

Cybersecurity agencies have issued guidance for securely integrating AI into OT systems

UK’s NCSC and Canada’s CCCS release a joint report on content provenance, urging organizations to strengthen digital trust and combat AI-driven misinformation

The GhostFrame phishing framework, using stealthy iframes, was linked to over 1 million attacks

ISC2 report reveals 59% of global organizations have critical or significant skills shortages

The Information Commissioner’s Office has chosen only to reprimand the Post Office after a 2024 breach

A fresh wave of spear-phishing linked to the Russia-based Star Blizzard group has been detected by Sekoia

A new cyber defense service has prevented almost one billion early-stage cyber-attacks in the past year, British Security Minister claims

A critical vulnerability in Yearn Finance's yETH pool allowed an attacker to steal around $9m

The UK government’s proposed ransomware payment ban for public sector and critical infrastructure will come with national security exemptions

A new WEF report reveals that AI-powered threats like disinformation are among executives’ biggest concerns

The Pall Mall Process begins outreach to define guidelines for private commercial intrusion industry

3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks