The Tsundere botnet uses the Ethereum blockchain to infect its targets

A newly emerged malware campaign, dubbed Tsundere Botnet, is actively targeting Windows systems through various sophisticated infection mechanisms. This Node.js-based botnet utilizes Ethereum blockchain smart contracts.

Authentication Bypass Vulnerabilities Identified in iCam365 P201 and QC021 CCTV Models

Multiple iCam365 CCTV camera models are affected by missing authentication vulnerabilities, impacting ONVIF and RTSP services. These flaws expose video streams and configuration data to unauthorized users on the same local network.

Multi-threat Android malware Sturnus steals Signal, WhatsApp messages

A newly discovered Android banking trojan named Sturnus poses a significant threat to device and data security by targeting encrypted messaging applications such as Signal, WhatsApp, and Telegram.

New ShadowRay attacks convert Ray clusters into crypto miners

A new global campaign, ShadowRay 2.0, is compromising publicly exposed instances of the distributed computing framework Ray by exploiting a critical, unpatched vulnerability (CVE-2023-48022).

WhatsApp Screen-Sharing Scam Drains $700K in Minutes

A widespread scam campaign is exploiting WhatsApp’s screen-sharing feature alongside malware-based propagation via WhatsApp Web to compromise accounts and execute large-scale financial fraud.

A Vulnerability in FortiWeb Could Allow for Remote Code Execution

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-25257, has been identified in FortiWeb—a web application firewall (WAF) platform developed to safeguard APIs and web applications from exploitation.

AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm

A sophisticated cyberattack employing the emerging modular post-exploitation framework Tuoni targeted a major US real estate firm. The attack began with a well-executed social engineering campaign leveraging Microsoft Teams impersonation.

IBM AIX Hit by Three Critical Vulnerabilities, One a Perfect 10. Patch Now!

Multiple critical vulnerabilities have been identified in IBM AIX 7.2, 7.3 and IBM VIOS 3.1, 4.1. These flaws, affecting the Network Installation Manager (NIM) services and credential handling mechanisms, pose major security risks.

DoorDash email spoofing vulnerability sparks messy disclosure dispute

A critical email spoofing vulnerability discovered in DoorDash’s Business platform enabled unauthorized actors to send branded phishing emails directly from DoorDash's official servers through the free Business account interface.

Mitsubishi Electric MELSEC iQ-F Series

A medium-severity bug (CVE-2025-10259) has been identified in Mitsubishi Electric's MELSEC iQ-F Series programmable logic controllers (PLCs). The flaw, stemming from improper validation of specified quantity in input, can be exploited remotely.
