Xerox has released critical patches for FreeFlow Core version 8.0.4 to address two high-severity vulnerabilities—CVE-2025-8355 and CVE-2025-8356—that enable Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE).

The MedusaLocker ransomware group, active since 2019 and operating under a Ransomware-as-a-Service (RaaS) model, has announced a recruitment drive for penetration testers via its Tor-based data leak site.

Connex Credit Union, one of Connecticut’s largest non-profit financial institutions, has disclosed a significant data breach that compromised the personal and financial information of approximately 172,000 individuals.

Researchers have uncovered critical vulnerabilities in smart bus systems that could allow attackers to remotely track, control, or spy on vehicles. These flaws arise from the insecure integration of passenger Wi-Fi and critical vehicle systems.

Researchers uncovered multiple critical vulnerabilities in Dell ControlVault3 and ControlVault3 Plus firmware, including CVE-2025-25215, CVE-2025-24922, and CVE-2025-24919.

A critical 0-day vulnerability in WinRAR, tracked as CVE-2025-8088, was actively exploited by the RomCom threat actor group in phishing campaigns. The flaw, a directory traversal vulnerability, allows attackers to extract files into arbitrary paths.

A major security lapse in TeleMessage, a Signal clone used by U.S. government officials, has led to the exposure of 410GB of sensitive communications. Over 780 CBP officer emails were compromised.

According to a new report, the Embargo ransomware group has amassed approximately $34.2 million in cryptocurrency since its emergence in April 2024. The group primarily targets the healthcare, business services, and manufacturing sectors.

A security researcher uncovered critical vulnerabilities in a major carmaker’s dealership web portal that allowed unauthorized creation of a national admin account. This access enabled full control over customer and vehicle data.

A new large-scale SMS phishing operation, dubbed Magic Mouse, has emerged following the takedown of the earlier scam campaign known as Magic Cat. Magic Mouse is now responsible for the theft of approximately 650,000 credit cards per month.