The vulnerability poses a significant threat to public cloud providers, whose business model involves offering remote code execution as a service and renting out shared hardware resources.

A recent surge in ransomware attacks targeting SonicWall Gen 7 firewalls has been attributed to CVE-2024-40766, a critical improper access control vulnerability in SonicOS. SonicWall has denied the presence of a zero-day vulnerability.

Findings indicate that Siri and related services may transmit sensitive user data to Apple servers beyond what is disclosed in Apple’s privacy policies, raising questions about user consent, data handling transparency, and more.

A Nigerian national, Chukwuemeka Victor Amachukwu, was extradited from France to the US to face charges related to a multi-year cyber-enabled fraud campaign. The scheme involved spearphishing attacks, identity theft, and fraudulent filings.

China has accused U.S. intelligence agencies of conducting cyberattacks on two Chinese military enterprises, including the exploitation of a Microsoft Exchange zero-day vulnerability.

Federal cybersecurity officials are continuing to assess the strategic threat posed by the Chinese state-sponsored threat actor Volt Typhoon, which has infiltrated U.S. critical infrastructure networks, including systems on the island of Guam.

The FBI has issued a series of public service announcements (PSAs) warning about “The Com,” a rapidly growing and decentralized cybercriminal network composed primarily of minors and young adults aged 11 to 25.

Two critical zero-day vulnerabilities in Microsoft SharePoint—CVE-2025-53770 and CVE-2025-53771—are being actively exploited by China-linked threat actors Linen Typhoon, Violet Typhoon, and Storm-2603.

Arizona election officials reported a cyberattack on the state’s online candidate portal, where attacker(s) replaced candidate photos with images of the late Iranian Ayatollah Ruhollah Khomeini.

Karen Serobovich Vardanyan, a 33-year-old Armenian national, has been extradited to the United States and charged for his alleged involvement in Ryuk ransomware attacks that occurred between March 2019 and September 2020.