A critical vulnerability in Grist-Core's Pyodide WebAssembly sandbox allows remote code execution (RCE) through malicious spreadsheet formulas. This flaw, with a CVSS score of 9.1, has been patched.

Over half (58%) ranked cyber-related breaches as their top risk, with three-quarters doubting their ability to manage them. Their concern is grounded in experience and 20% said they had suffered a breach over the past two years.

DeadLock ransomware has been identified using Polygon blockchain smart contracts to manage and rotate proxy server addresses. The latest samples include an HTML file used to communicate with victims via the Session encrypted messaging platform.

A high-severity vulnerability has been identified in Open WebUI, affecting versions 0.6.34 and older. This flaw, with a severity rating of 7.3, poses risks of account takeover and server compromise when the Direct Connections feature is enabled.

VVS Stealer is a Python-based malware targeting Discord users, employing advanced obfuscation techniques to extract sensitive data. It primarily focuses on stealing Discord tokens and browser information.

Artem Aleksandrovych Stryzhak, 35, was extradited from the Spanish city of Barcelona earlier this year after being arrested in June 2024. He pleaded guilty to one count of conspiracy to commit computer fraud, according to the US Justice Department.

A critical vulnerability in the Motors WordPress theme, developed by StylemixThemes, has been identified, potentially allowing logged-in users with minimal privileges to take over affected websites.

A new malware campaign has been identified, utilizing ClickFix social engineering tactics to deploy the CastleLoader malware family. This campaign employs a Python-based delivery chain, replacing earlier AutoIt droppers with a compact Python loader.

A significant cyber-espionage campaign linked to the Bloody Wolf Advanced Persistent Threat (APT) group has expanded across Central Asia, targeting government entities in Kyrgyzstan and Uzbekistan.

US radio broadcasters are being targeted in a surge of infrastructure hijackings where intruders exploit unsecured Barix audio devices to air unauthorized Emergency Alert System (EAS) tones and offensive content over public airwaves.