Infosecurity Magazine

High-Severity Flaw in Open WebUI Affects AI Connections

A high-severity vulnerability has been identified in Open WebUI, affecting versions 0.6.34 and older. This flaw, with a severity rating of 7.3, poses risks of account takeover and server compromise when the Direct Connections feature is enabled.

VVS Stealer Uses Advanced Obfuscation to Target Discord Users

VVS Stealer is a Python-based malware targeting Discord users, employing advanced obfuscation techniques to extract sensitive data. It primarily focuses on stealing Discord tokens and browser information.

Nefilim Ransomware Affiliate Pleads Guilty

Artem Aleksandrovych Stryzhak, 35, was extradited from the Spanish city of Barcelona earlier this year after being arrested in June 2024. He pleaded guilty to one count of conspiracy to commit computer fraud, according to the US Justice Department.

Motors WordPress Vulnerability Exposes Sites to Takeover

A critical vulnerability in the Motors WordPress theme, developed by StylemixThemes, has been identified, potentially allowing logged-in users with minimal privileges to take over affected websites.

ClickFix Social Engineering Sparks Rise of CastleLoader Attacks

A new malware campaign has been identified, utilizing ClickFix social engineering tactics to deploy the CastleLoader malware family. This campaign employs a Python-based delivery chain, replacing earlier AutoIt droppers with a compact Python loader.

Bloody Wolf Threat Actor Expands Activity Across Central Asia

A significant cyber-espionage campaign linked to the Bloody Wolf Advanced Persistent Threat (APT) group has expanded across Central Asia, targeting government entities in Kyrgyzstan and Uzbekistan.

FCC Warns of Hackers Hijacking Radio Equipment For False Alerts

US radio broadcasters are being targeted in a surge of infrastructure hijackings where intruders exploit unsecured Barix audio devices to air unauthorized Emergency Alert System (EAS) tones and offensive content over public airwaves.

London Councils Hit By Serious Cyber “Incidents”

Authorities in London—including the Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC)—are responding to a serious cybersecurity incident first identified on Monday morning.

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation

An ATM fraud operation led by the threat group UNC2891 involved ATM malware, money mule recruitment, rootkit-based PIN bypass, and coordinated cash withdrawal efforts targeting two major Indonesian banks between 2022 and 2024.

AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm

A sophisticated cyberattack employing the emerging modular post-exploitation framework Tuoni targeted a major US real estate firm. The attack began with a well-executed social engineering campaign leveraging Microsoft Teams impersonation.
