A newly discovered Android spyware, Android.Backdoor.916.origin, is actively targeting Russian-speaking business executives by masquerading as a fake antivirus app named "GuardCB." The malware is designed for surveillance and data theft.

Data I/O, a prominent manufacturer of manual and automated programming systems for flash memory, microcontrollers, and logic devices, reported a ransomware attack that forced the company to take several operational systems offline.

CISA has added CVE-2025-43300, a zero-day vulnerability affecting Apple iOS, iPadOS, and macOS, to its KEV catalog. Successful exploitation can result in memory corruption, potentially allowing attackers to execute arbitrary code.

Microsoft has ceased sharing proof-of-concept (PoC) exploit code with Chinese firms via its Microsoft Active Protections Program (MAPP) after the mass exploitation of SharePoint vulnerabilities in July 2025.

The United Kingdom has imposed a new wave of sanctions targeting Kyrgyz financial institutions and cryptocurrency networks accused of facilitating Russian sanctions evasion, military procurement, and ransomware operations.

A UK-based hacker, Al-Tahery Al-Mashriky (26), linked to the Yemen Cyber Army (YCA) and Spider Team, has been sentenced to 20 months in prison for defacing thousands of websites and possessing stolen personal data.

Google has released Chrome version 139 to address a high-severity vulnerability (CVE-2025-9132) in the V8 JavaScript and WebAssembly engine. CVE-2025-9132 is a high-severity out-of-bounds write vulnerability in the V8 engine.

A critical exploit chain targeting SAP NetWeaver leverages CVE-2025-31324 (CVSS 10.0) and CVE-2025-42999 (CVSS 9.1), enabling attackers to bypass authentication and achieve remote code execution (RCE).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-54948, a critical vulnerability in Trend Micro Apex One on-premise management console, to its Known Exploited Vulnerabilities (KEV) catalog.

Pro-Russian hackers seized control of a dam in Bremanger, Norway, in a demonstrative cyberattack targeting critical infrastructure. The attackers opened a flood gate to release 500 liters of water per second for four hours before being stopped.