The Gift Card Scam Hidden in the Cloud: Unmasking the Jingle Thief Operation

A new cyber-fraud campaign called Jingle Thief is targeting retailers and companies that issue gift cards. Hackers break into cloud accounts and use legitimate company tools to issue unauthorized gift cards. This method makes the fraud hard to spot and allows theft at large scale. The reported losses run into the millions. The attack starts … Continued

Lazarus Group Targets European Drone Manufacturers in New Espionage Campaign

A North Korea–linked hacking group, Lazarus, has launched a new cyber-espionage campaign targeting European drone and defense manufacturers. Security researchers found that the attackers focused on stealing sensitive data, design documents, and technology related to unmanned aerial vehicles (UAVs). The motive appears to be supporting North Korea’s growing interest in military drone development. Cybersecurity firm … Continued

New Oracle E-Business Suite Flaw Exploited in the Wild, CISA Issues Warning

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are actively exploiting a serious vulnerability in Oracle’s E-Business Suite. The flaw, identified as CVE-2025-61884, is a Server-Side Request Forgery (SSRF) bug found in the Oracle Configurator component. It allows attackers to send unauthorized requests to internal systems. CISA has now added this flaw … Continued

TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution

TP-Link has released important security updates for its Omada Gateway series after discovering four major vulnerabilities that could put network devices at risk. Out of these four flaws, two are especially dangerous because they allow attackers to run their own code on the device and potentially take complete control of it. The company has urged … Continued

ColdRiver Unleashes Advanced Malware in New Espionage Campaign, Google Warns

A Russia-linked hacking group named ColdRiver has unleashed a new wave of cyberattacks using freshly developed malware designed to steal sensitive data from high-value targets. The campaign was recently exposed by Google’s Threat Intelligence Group (GTIG), which has been tracking the group’s evolving tactics over the years. ColdRiver, also known as “Callisto” or “Star Blizzard,” … Continued

Cybercriminals Exploit Weak Email Authentication in Zendesk to Launch Large-Scale Email-Bomb Attacks

Cybercriminals have found a new way to exploit weak email authentication in Zendesk, using it to launch large-scale “email-bomb” attacks. These attacks flood victims’ inboxes with hundreds or even thousands of messages, many of which appear to come from trusted companies. By abusing Zendesk’s customer support system, attackers make the emails look legitimate and difficult … Continued

Microsoft Revokes 200 Fraudulent Certificates to Stop Rhysida Ransomware Spread

Microsoft has taken a major action to disrupt a ransomware operation. On October 17, 2025, the company announced that it had revoked over 200 fake code-signing certificates. These certificates were being used by a cybercriminal group known as Vanilla Tempest, also linked to Vice Society, to make their malware appear legitimate and trusted. The revoked … Continued

Flax Typhoon Exploits ArcGIS Server: A No-Malware, No-Login Takeover Exposed

China’s Flax Typhoon group has carried out a stealthy cyberattack by turning a trusted geo-mapping server into a secret backdoor. Security researchers discovered that the attackers exploited ArcGIS Server software to stay hidden inside networks for over a year. What makes this attack alarming is that it didn’t use typical malware but instead relied on … Continued
