A widespread and industrial-scale scam campaign targeting Black Friday shoppers is exploiting malvertising and fake brand giveaways to harvest personal information and payment card data.

A new malware campaign leveraging malicious Blender model files is delivering the latest variant of the StealC V2 infostealer. The attack targets users of CGTrader by embedding malicious Python scripts into `.blend` files.

Multiple threat actors are deploying commercial spyware to compromise users of popular mobile messaging applications including Signal and WhatsApp. Actors exploit malicious vectors, such as phishing and zero-click exploits, for initial access.

A newly evolved variant of the ClickFix social engineering attack is leveraging fake fullscreen Windows Update interfaces to trick users into executing embedded malicious code.

A threat actor known as Dark Storm, a pro-Russian hacktivist collective, has escalated its cyber disruption campaigns across Europe and Russia, increasingly targeting government institutions and critical infrastructure.

A highly sophisticated email espionage campaign led by the persistent threat actor ToddyCat has been detected making use of enhanced and stealthy malware methodologies to exfiltrate corporate email data.

A critical vulnerability has been identified in multiple models of Festo's MSE6-C2M, D2M, and E2M devices. Exploitation of this remotely accessible flaw may allow a low-privileged authenticated attacker to trigger undocumented test modes.

A data breach has affected Italy’s national railway operator, Ferrovie dello Stato Italiane, following a successful cyberattack on its digital services provider, Almaviva. Threat actors claim to have exfiltrated 2.3 TB of highly sensitive info.

A newly discovered and actively exploited vulnerability in Oracle Fusion Middleware—tracked as CVE-2025-61757—has been added to the Known Exploited Vulnerabilities (KEV) Catalog maintained to promote early detection and remediation.

A sophisticated Android malware has been identified utilizing advanced evasion and detection resistance strategies. The malware employs strong packing and obfuscation to hinder traditional antivirus (AV) systems.