A vulnerability in Google Gemini AI allows attackers to exploit calendar invites to extract private data. This attack uses Indirect Prompt Injection, embedding commands in meeting invites that instruct Gemini to leak information.

Ingram Micro experienced a significant ransomware attack in July 2025, compromising the personal data of over 42,000 employees. The attack, claimed by the ransomware group SafePay, resulted in substantial operational disruptions and data exposure.

The Evelyn Stealer campaign targets software developers by exploiting the Visual Studio Code (VSC) extension ecosystem. This sophisticated attack chain involves a multistage delivery method designed to exfiltrate sensitive information.

Anti-regime activists hijacked Iran’s Badr satellite and briefly took control of state TV channels to broadcast messages from Crown Prince Reza Pahlavi, calling for protests against the Islamic Republic.

An XSS vulnerability in the StealC malware's control panel has been exploited by researchers to gather intelligence on the malware operators. This flaw allowed researchers to hijack sessions and collect data on the attackers' hardware and location.

The intersection of cybersecurity and geopolitics is becoming increasingly pronounced, with state-sponsored cyber operations being used as tools of political influence and conflict.

The European Telecommunications Standards Institute (ETSI) has introduced a new standard, ETSI EN 304 223, to address cybersecurity requirements for AI models and systems. This standard is crucial for security teams working with AI.

The Milan Cortina 2026 Winter Olympic Games present a significant cybersecurity challenge. This includes temporary networks, pop-up systems, and numerous partnerships, all of which create a target-rich environment for cyber threat actors.

The Canadian Investment Regulatory Organization (CIRO) has confirmed a data breach affecting approximately 750,000 investors due to a sophisticated phishing attack. CIRO confirmed that login credentials were not at risk during the breach.

A China-linked advanced persistent threat (APT) group, identified as UAT-8837, has been exploiting a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS score: 9.0) to target critical infrastructure sectors in North America.