China has accused U.S. intelligence agencies of conducting cyberattacks on two Chinese military enterprises, including the exploitation of a Microsoft Exchange zero-day vulnerability.

Luxembourg experienced a nationwide telecommunications outage lasting over three hours, reportedly due to a cyberattack targeting Huawei router software within POST Luxembourg’s infrastructure.

A data breach at a Florida prison has exposed the personal contact information of prison visitors to all inmates, raising significant concerns about potential extortion, harassment, and physical threats to both inmates and their families.

A critical prompt-injection vulnerability, identified as CVE-2025-54135 and dubbed "CurXecute", affects almost all versions of the AI-powered Cursor IDE prior to version 1.3. This flaw allows remote code execution with developer privileges.

Pi-hole, a widely-used network-level ad-blocker, has disclosed a data breach caused by a vulnerability in the GiveWP WordPress donation plugin. The flaw exposed donor names and email addresses to the public via the webpage's source code.

Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition, analyzing over 3.6 petabytes of data, reports an 800% surge in credential theft, with 1.8 billion credentials stolen from 5.8 million infected devices.

A new variant of the DoubleTrouble trojan is actively targeting users across Europe, posing a significant threat to financial data security. Initially spread via phishing websites, the malware now leverages Discord-hosted APKs for distribution.

A critical zero-day vulnerability (CVE-2025-5394, CVSS 9.8) in the Alone – Charity Multipurpose Non-profit WordPress Theme is being actively exploited by threat actors. The theme has over 9,000 installations.

CVE-2024-7348 is a race condition vulnerability in PostgreSQL's `pg_dump` utility that allows attackers with sufficient privileges to execute arbitrary SQL commands as the user running the dump, often a superuser.

Microsoft has confirmed that the Russian state-sponsored threat group Secret Blizzard (aka Turla, VENOMOUS BEAR) is conducting cyber-espionage operations against foreign embassies in Moscow by exploiting local ISPs.