Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits several vulnerabilities.

The United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations.

The vulnerability, tracked as CVE-2025-9501, in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.

The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions.

A new global campaign, ShadowRay 2.0, is compromising publicly exposed instances of the distributed computing framework Ray by exploiting a critical, unpatched vulnerability (CVE-2023-48022).

A ransomware attack has targeted an overseas facility of LG Energy Solution, a major global battery manufacturer. The Akira ransomware group claims responsibility for the incident, alleging the theft of 1.7 terabytes of sensitive data.

A widespread scam campaign is exploiting WhatsApp’s screen-sharing feature alongside malware-based propagation via WhatsApp Web to compromise accounts and execute large-scale financial fraud.

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-25257, has been identified in FortiWeb—a web application firewall (WAF) platform developed to safeguard APIs and web applications from exploitation.

A data breach at Pajemploi, a French public social service facilitating payroll for parents employing in-home caregivers, has compromised the private data of approximately 1.2 million registered childcare workers.

The Congressional Budget Office (CBO) has confirmed the successful expulsion of threat actors from its email systems following a previously disclosed cyberattack that targeted the agency’s internal communications.