Application security provider OX has called on the US Cybersecurity and Infrastructure Security Agency to improve its Known Exploited Vulnerabilities catalog by adding more contextual data to better assess the risks associated with listed vulnerabilities, particularly in cloud environments.
View full story…

Australia will require organizations with annual turnovers exceeding AUS $3 million to report ransomware payments within 72 hours starting May 30, 2025, aiming to enhance cybersecurity transparency and accountability.
View full story…

The US banking sector is lobbying for the repeal of a cybersecurity rule requiring public companies to disclose significant incidents within four days, arguing it complicates compliance and may jeopardize security efforts.
View full story…

In May 2025, Coinbase Global experienced a significant cybersecurity breach that compromised the data of over 69,000 customers, leading to an estimated loss of up to $400 million and prompting investigations and legal actions against involved parties.
View full story…

Victoria’s Secret is grappling with a significant cybersecurity incident that has rendered its e-commerce website inoperable, impacting online orders and internal systems, while investigations into a potential ransomware threat are underway.
View full story…

A critical security flaw in Apple’s Safari web browser has led to the emergence of a sophisticated phishing technique known as the Fullscreen Browser-in-the-Middle (BitM) attack, which exploits the browser’s Fullscreen API to deceive users and steal credentials.
View full story…

The rise of Ransomware-as-a-Service (RaaS) and the use of cryptocurrencies have transformed ransomware into a sophisticated criminal enterprise, significantly impacting Security Operations Centers (SOCs) and leading to high-profile attacks that cause substantial financial and reputational damage.
View full story…

Over 90% of the world’s top email domains are susceptible to spoofing, enabling cybercriminals to execute sophisticated phishing attacks, with only 7.7% adopting strict DMARC policies to combat these threats.
View full story…

A recent cyber-attack on ConnectWise, attributed to nation-state actors from China and Russia, exploited the CVE-2024-1709 vulnerability, leading to unauthorized access to its ScreenConnect cloud infrastructure.
View full story…

Fortinet’s investigation reveals a sophisticated Remote Access Trojan that operated undetected for weeks, utilizing advanced evasion techniques and secure connections to a command-and-control server.
View full story…

Two prominent UK healthcare organizations were attacked due to a vulnerability in Ivanti Endpoint Manager Mobile, raising concerns about the potential exposure of sensitive information.
View full story…

A spoofed website mimicking Bitdefender’s legitimate page is distributing malware, including VenomRAT, StormKitty, and SilentTrinity, posing significant threats to users’ sensitive information.
View full story…

The Czech Republic has formally accused China of orchestrating a cyber-espionage campaign targeting its Ministry of Foreign Affairs, attributed to the APT31 group, raising significant concerns over state-sponsored cyber activities and international relations.
View full story…