Open Source Alerts

Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads

A critical vulnerability, CVE-2025-68493, has been identified in Apache Struts 2, affecting versions 2.0.0 through 6.1.0. This flaw, discovered by Zast AI, involves unsafe XML parsing in the XWork component, which can lead to system crashes.

GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs

The GhostPoster malware campaign has been active for five years, affecting over 840,000 users through browser extensions on Chrome, Firefox, and Edge. The malware uses hidden payloads within PNG images to evade detection.

Texas behavioral health center warns patients of data breach that leaked SSNs, medical info

Spindletop Center, a behavioral health clinic in Texas, experienced a significant data breach in September 2025. Rhysida ransomware claimed responsibility for the attack, demanding a ransom of 15 bitcoin, equivalent to $1.65 million at the time.

CISA’s secure-software buying tool had a simple XSS vulnerability of its own

An XSS vulnerability was discovered in CISA's "Software Acquisition Guide: Supplier Response Web Tool." This vulnerability allowed attackers to inject malicious JavaScript into the web page, potentially affecting other users and defacing the website.

China spies used Maduro capture as lure to phish US agencies

Chinese cyberspies, identified as the Mustang Panda group, have launched a targeted phishing campaign against US government agencies. The campaign used the geopolitical event of Venezuelan President Nicolás Maduro's capture as a lure.

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

A ransomware attack has disrupted operations at Kyowon, a major South Korean conglomerate with interests in education, publishing, media, and technology. The attack potentially exposed customer data, affecting approximately 9.6 million accounts.

New PayPal Scam Sends Verified Invoices With Fake Support Numbers

A sophisticated phishing scam is leveraging PayPal's legitimate invoice system to deceive users by sending verified invoices with fake support numbers. This scam bypasses traditional email security filters, posing a significant threat to users.

Gootloader now uses 1,000-part ZIP archives for stealthy delivery

The Gootloader malware has adopted a new delivery method using malformed ZIP archives, which involves concatenating up to 1,000 parts to evade detection. This technique is designed to crash analysis tools like 7-Zip and WinRAR.

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco has patched a critical zero-day vulnerability in its AsyncOS Software for Secure Email Gateway and Secure Email and Web Manager. The vulnerability, exploited by a China-linked APT group, allows remote code execution (RCE) because HTTP requests are insufficiently validated.

DeadLock Ransomware Uses Polygon Smart Contracts For Proxy Rotation

DeadLock ransomware has been identified using Polygon blockchain smart contracts to manage and rotate proxy server addresses. The latest samples include an HTML file used to communicate with victims via the Session encrypted messaging platform.
