The Hacker News

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability, CVE-2021-26829, in OpenPLC ScadaBR to its Known Exploited Vulnerabilities (KEV) catalog.

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

A highly coordinated supply chain attack exploiting a South Korean Managed Service Provider (MSP) has led to the deployment of the Qilin ransomware, culminating in a significant data heist campaign dubbed "Korean Leaks".

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

A sophisticated North Korean-backed campaign, dubbed Contagious Interview, has adopted novel tactics by leveraging legitimate JSON storage services—such as JSON Keeper, JSONsilo, and npoint.io—as covert payload delivery platforms.

Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic

A novel side-channel attack technique, dubbed Whisper Leak, has been disclosed, targeting encrypted communications between users and streaming-mode large language models (LLMs).

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

A sophisticated software supply chain attack has been uncovered involving nine malicious NuGet packages embedded with time-delayed logic bombs. These packages, published by a user named shanhai666, were downloaded nearly 9,500 times.

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

Multiple Chinese state-linked threat actors are exploiting legacy bugs in widely used software to conduct cyberespionage against government, non-profit, and private sector organizations across the U.S., Asia, Europe, and Latin America.

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

A critical command injection bug has been identified in two npm packages. It allows remote unauthenticated attackers to execute arbitrary OS commands on development machines running the vulnerable Metro server.

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

A malicious VSX extension named SleepyDuck has been discovered in the Open VSX registry, embedding a Remote Access Trojan (RAT) that leverages Ethereum smart contracts to maintain and update its command-and-control (C2) infrastructure.

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025.

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY.
