A high-severity vulnerability was discovered in Mozilla Firefox's WebAssembly garbage-collection implementation. This flaw exposed over 180 million users worldwide to risk of memory corruption and potential RCE.

A ransomware group identified as Devman has claimed responsibility for a cyberattack targeting the Georgia Superior Court Clerks’ Cooperative Authority (GSCCCA), disrupting core administrative functions across Georgia’s judiciary.

This weekly vulnerability summary highlights several high-severity issues identified across major vendor platforms such as ABB, AMD, Broadcom, Grafana, and HPE. Many of these allow for authentication bypass, RCE, privilege escalation, and DoS.

Harvard University has disclosed a data breach targeting its Alumni Affairs and Development systems, caused by a vishing attack. It led to the unauthorized access of sensitive contact and biographical information of university affiliates.

A widespread and industrial-scale scam campaign targeting Black Friday shoppers is exploiting malvertising and fake brand giveaways to harvest personal information and payment card data.

A new malware campaign leveraging malicious Blender model files is delivering the latest variant of the StealC V2 infostealer. The attack targets users of CGTrader by embedding malicious Python scripts into `.blend` files.

Multiple threat actors are deploying commercial spyware to compromise users of popular mobile messaging applications including Signal and WhatsApp. Actors exploit malicious vectors, such as phishing and zero-click exploits, for initial access.

A newly evolved variant of the ClickFix social engineering attack is leveraging fake fullscreen Windows Update interfaces to trick users into executing embedded malicious code.

A threat actor known as Dark Storm, a pro-Russian hacktivist collective, has escalated its cyber disruption campaigns across Europe and Russia, increasingly targeting government institutions and critical infrastructure.

A highly sophisticated email espionage campaign led by the persistent threat actor ToddyCat has been detected making use of enhanced and stealthy malware methodologies to exfiltrate corporate email data.