A critical ingestion bug in Adobe Analytics caused cross-tenant data leakage, exposing customer tracking data from one organization to others. The issue lasted for nearly a day and affected multiple Adobe Analytics services globally.

Threat actors are exploiting unsecured Milesight IoT cellular routers to send SMS-based phishing messages. These routers are widely deployed in critical infrastructure such as traffic lights and electric power meters.

A widespread extortion campaign is targeting Oracle customers with emails claiming data theft from Oracle’s E-Business Suite. The emails are allegedly linked to the Clop ransomware group.

Multiple vulnerabilities have been identified in VMware Aria Operations and VMware Tools, the most critical of which (CVE-2025-41244) allows local privilege escalation to root.

Rhadamanthys, a modular infostealer, has released version 0.9.2 with significant updates. These changes impact detection, analysis, and reverse engineering, and include new evasion techniques, configuration formats, and delivery mechanisms.

A wave of smishing attacks has been traced to exploited Milesight Industrial Cellular Routers, with attackers abusing their APIs to send phishing SMS messages. These campaigns primarily target Belgian users.

Researchers have uncovered a novel technique to bypass Address Space Layout Randomization (ASLR) in Apple devices by exploiting deterministic behaviors in the NSKeyedArchiver and NSKeyedUnarchiver serialization frameworks.

A critical vulnerability (CVE-2022-3079) has been identified in Festo CPX-CEC-C1 and CPX-CMXX control blocks. This flaw allows unauthenticated, remote access to critical webpage functions, potentially resulting in a denial of service (DoS).

A significant data breach has compromised RemoteCOM, a US-based surveillance provider, exposing highly sensitive data of nearly 14,000 individuals under court supervision and 6,896 law enforcement personnel.

A critical vulnerability in Tesla’s TCU allowed attackers with physical access to gain root-level code execution. The flaw has been patched via an over-the-air (OTA) update.