RondoDox is a large-scale botnet active since June 2025, targeting 56 n-day vulnerabilities across over 30 device types, including routers, DVRs, and web servers. Since its discovery, the botnet has expanded its arsenal of exploits

Recent research reveals that large language models (LLMs) can develop backdoor vulnerabilities from as few as 250 malicious documents embedded in their training data. The study involved training LLMs ranging from 600 million to 13 billion parameters.

A significant data breach has impacted all users of SonicWall’s MySonicWall cloud backup service. Threat actors accessed firewall configuration backup files, potentially exposing encrypted credentials and configuration data.

Williams & Connolly, a prominent Washington, DC-based law firm, was breached by Chinese state-sponsored hackers who exploited a zero-day vulnerability to access a limited number of attorney email accounts.

A threat actor group identifying as Scattered Lapsus$ Hunters claimed responsibility for a massive data breach involving Australian telecom giant Telstra. The group claims to have exfiltrated over 100GB of PII.

A new variant of the Chaos ransomware family, dubbed Chaos-C++, has emerged targeting Microsoft Windows systems. This version is the first known Chaos variant not written in .NET, marking a significant shift in its development.

A new ransomware alliance has emerged between DragonForce, LockBit, and Qilin, signaling a major evolution in the cyber threat landscape. This coalition aims to enhance attack effectiveness by sharing tools and infrastructure.

Salesforce has confirmed it will not comply with extortion demands following a series of cyberattacks attributed to a threat group linked to Scattered Spider, Lapsus$, and ShinyHunters.

A critical authentication bypass vulnerability (CVE-2025-5947) in the Service Finder WordPress theme is being actively exploited by threat actors. Over 13,800 exploitation attempts have been recorded since August 1.

The Institute of Culinary Education (ICE) has disclosed a ransomware attack affecting 33,342 individuals. The ransomware group Payouts King claimed responsibility, stating it exfiltrated 1.5 TB of data.