A high-severity vulnerability was discovered in Mozilla Firefox's WebAssembly garbage-collection implementation. This flaw exposed over 180 million users worldwide to risk of memory corruption and potential RCE.

A widespread scam campaign is exploiting WhatsApp’s screen-sharing feature alongside malware-based propagation via WhatsApp Web to compromise accounts and execute large-scale financial fraud.

The EchoGram attack exploits LLM guardrails designed to detect and block malicious prompts. By leveraging carefully selected “flip tokens,” it can silently override guardrail verdicts, enabling prompt injections and false positives.

A critical vulnerability in Amazon WorkSpaces client for Linux (CVE-2025-12779) allows local attackers to extract valid authentication tokens, potentially leading to unauthorized access and lateral movement within corporate environments.

NGate is a newly identified Android malware that enables attackers to perform unauthorized ATM withdrawals by relaying NFC payment data from victims’ smartphones. It leverages Host Card Emulation (HCE) and advanced social engineering.

BlueNoroff has launched AI-driven cyberattacks under the GhostCall and GhostHire campaigns. These operations are part of the broader SnatchCrypto campaign targeting blockchain, digital finance, and emerging crypto technologies.

A critical vulnerability (CVE-2025-54539) in Apache ActiveMQ NMS AMQP Client allows remote code execution via insecure deserialization in the .NET implementation. The vulnerability affects all versions up to and including 2.3.0.

North Korean state-sponsored actors launched a large-scale supply chain attack campaign, Contagious Interview, targeting blockchain and cryptocurrency developers. The attackers distributed 338 malicious npm packages, downloaded over 50,000 times.

In October 2025, researchers discovered an unprotected Amazon S3 bucket linked to Invoicely, a Vienna-based SaaS invoicing platform. The misconfigured bucket exposed 178,519 sensitive documents.

The campaign targets enterprises across finance, healthcare, and technology sectors that have adopted LLM chatbots for customer service and automation. Attackers have successfully exfiltrated internal system data and more.