Latest Cybersecurity News and Articles

UK intelligence warns AI 'prompt injection' attacks might never go away

The UK's National Cyber Security Centre (NCSC) has issued a warning about the persistent threat of "prompt injection" attacks on AI systems. These attacks manipulate AI models into executing unintended commands, posing a significant security risk.
December 9, 2025

Three hacking groups, two vulnerabilities and all eyes on China

The ToolShell campaign has exposed critical vulnerabilities in Microsoft's SharePoint software, exploited by three Chinese hacking groups: Linen Typhoon, Violet Typhoon, and Storm-2603.

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

The JS#SMUGGLER campaign leverages compromised websites to deploy the NetSupport RAT, which gives attackers full control over victim systems. The campaign targets enterprise users through a sophisticated multi-stage web-based malware operation.

ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings

The ChrimeraWire trojan manipulates search engine rankings by simulating user activity through Chrome. Unlike traditional malware, it focuses on boosting the visibility of specific websites in search results rather than stealing data or encrypting files.

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious VSCode extensions, Bitcoin Black and Codo AI, have been identified on Microsoft's registry. These extensions, published under the developer name 'BigBlack', are designed to infect developers' machines with information-stealing malware.

Pharma firm Inotiv discloses data breach after ransomware attack

American pharmaceutical firm Inotiv said that an attack had disrupted business operations after some of its networks and systems (including databases and internal applications) were taken down.

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware.

Novel clickjacking attack relies on CSS and SVG

Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics and Cascading Style Sheets. Rebane demonstrated the technique at BSides Tallinn and has now published a summary of her approach.

Maximum-severity XXE vulnerability discovered in Apache Tika

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. The vulnerability lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules.

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency on Friday formally added a critical security flaw impacting React Server Components to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.
