A critical flaw in O2 UK's implementation of VoLTE and WiFi Calling services exposed sensitive user metadata, including location, IMSI, and IMEI, through overly verbose SIP headers.

A new tool named Defendnot demonstrates a critical method to disable Microsoft Defender on Windows systems by exploiting an undocumented Windows Security Center (WSC) API.

The FBI has issued a public service announcement warning of a surge in AI-generated voice deepfake attacks targeting U.S. government officials since April 2025. These leverage advanced voice cloning technologies to impersonate senior officials.

Microsoft's May 2025 Patch Tuesday addresses 72 vulnerabilities across its product suite, including five actively exploited zero-day vulnerabilities and two publicly disclosed flaws.

A threat actor has claimed to possess over 89 million Steam user records containing one-time passcodes (OTPs), allegedly sourced via a compromise involving Twilio. Twilio denies any breach.

A critical vulnerability, CVE-2024-45332, dubbed "Branch Privilege Injection," has been discovered in all modern Intel CPUs from the 9th generation onward. This flaw allows attackers to leak sensitive data from privileged memory regions.

Fortinet has patched a critical zero-day vulnerability (CVE-2025-32756) exploited in the wild to target FortiVoice enterprise phone systems. The flaw, a stack-based buffer overflow, also affects FortiMail, FortiNDR, FortiRecorder, and FortiCamera.

A new ClickFix campaign by APT36 (Transparent Tribe), a Pakistan-linked threat actor, has expanded its targeting to include Linux systems alongside Windows and macOS. It impersonates India's Ministry of Defence to lure victims.

Ascension, one of the largest private healthcare systems in the U.S., has disclosed a data breach affecting 437,329 individuals. The breach originated from a third-party vendor compromise, potentially linked to Clop ransomware

Ransomware groups Qilin and Hunters International are abusing Kickidler, a legitimate employee monitoring tool used by over 5,000 organizations across 60 countries, to conduct stealthy reconnaissance and credential harvesting.