Authorities in London—including the Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC)—are responding to a serious cybersecurity incident first identified on Monday morning.

A widespread cyberattack targeting Crisis24's legacy CodeRED platform has significantly disrupted emergency communication systems used by local governments, police, and fire agencies across the United States.

Cybercriminals have ramped up account takeover (ATO) frauds, causing over $262 million in losses since January. The frequency and sophistication of these attacks are rapidly intensifying with the onset of the holiday shopping season.

Emerging malicious LLMs such as WormGPT 4 and KawaiiGPT are being sold and distributed through underground platforms like Telegram and Darknet forums. These AI-based tools are capable of generating highly functional malware scripts.

A high-severity vulnerability was discovered in Mozilla Firefox's WebAssembly garbage-collection implementation. This flaw exposed over 180 million users worldwide to risk of memory corruption and potential RCE.

A ransomware group identified as Devman has claimed responsibility for a cyberattack targeting the Georgia Superior Court Clerks’ Cooperative Authority (GSCCCA), disrupting core administrative functions across Georgia’s judiciary.

This weekly vulnerability summary highlights several high-severity issues identified across major vendor platforms such as ABB, AMD, Broadcom, Grafana, and HPE. Many of these allow for authentication bypass, RCE, privilege escalation, and DoS.

Harvard University has disclosed a data breach targeting its Alumni Affairs and Development systems, caused by a vishing attack. It led to the unauthorized access of sensitive contact and biographical information of university affiliates.

A widespread and industrial-scale scam campaign targeting Black Friday shoppers is exploiting malvertising and fake brand giveaways to harvest personal information and payment card data.

A new malware campaign leveraging malicious Blender model files is delivering the latest variant of the StealC V2 infostealer. The attack targets users of CGTrader by embedding malicious Python scripts into `.blend` files.