Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Multiple critical vulnerabilities were discovered in Chaos Mesh, an open-source chaos engineering platform for Kubernetes. These flaws, collectively named "Chaotic Deputy," allow unauthenticated in-cluster attackers to execute arbitrary commands.

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

A self-replicating JavaScript worm named Shai-Hulud has compromised over 180 npm packages in a rapidly evolving supply chain attack. The worm targets npm developers, leveraging stolen credentials to propagate itself and exfiltrate sensitive data.

Apple backports fix for actively exploited CVE-2025-43300

CVE-2025-43300 is a 0-day vulnerability in Apple’s ImageIO framework that enables memory corruption via malicious image files. The vulnerability was initially patched in August 2025. The issue was addressed by implementing improved bounds checking.

New FileFix attack uses steganography to drop StealC malware

A new FileFix-based social engineering campaign is actively delivering the StealC infostealer malware by exploiting user trust and abusing the File Explorer address bar. This attack impersonates Meta support and uses steganography to evade detection.

SEO Poisoning Targets Chinese Users with Fake Software Sites

A sophisticated SEO poisoning campaign has been uncovered targeting Chinese-speaking Microsoft Windows users. The attackers manipulated search engine results to promote fraudulent websites mimicking legitimate software providers.

New Phoenix attack bypasses Rowhammer defenses in DDR5 memory

Academic researchers have developed a new Rowhammer-based attack, dubbed Phoenix, that bypasses DDR5 memory protections, including Target Row Refresh (TRR). The Phoenix attack was able to flip bits on all 15 DDR5 memory chips tested.

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

A new AI-powered penetration testing tool named Villager has garnered nearly 11,000 downloads on PyPI. Villager’s AI-driven architecture enables large-scale, parallelized exploitation.

DELMIA Factory Software Vulnerability Exploited in Attacks

A critical vulnerability (CVE-2025-5086) in DELMIA Apriso factory software is being actively exploited in the wild. The flaw, a deserialization of untrusted data issue, enables remote code execution and affects versions from 2020 through 2025.

Researchers warn VoidProxy phishing platform can bypass MFA

A new phishing-as-a-service platform, VoidProxy, has emerged as a significant threat by enabling attackers to bypass multifactor authentication (MFA) and compromise high-value accounts.

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot

HybridPetya mimics Petya/NotPetya and introduces the ability to bypass UEFI Secure Boot using CVE-2024-7344. Although not yet seen in the wild, it demonstrates a significant evolution in ransomware capabilities by targeting UEFI-based systems.
