A new global campaign, ShadowRay 2.0, is compromising publicly exposed instances of the distributed computing framework Ray by exploiting a critical, unpatched vulnerability (CVE-2023-48022).

A ransomware attack has targeted an overseas facility of LG Energy Solution, a major global battery manufacturer. The Akira ransomware group claims responsibility for the incident, alleging the theft of 1.7 terabytes of sensitive data.

A widespread scam campaign is exploiting WhatsApp’s screen-sharing feature alongside malware-based propagation via WhatsApp Web to compromise accounts and execute large-scale financial fraud.

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-25257, has been identified in FortiWeb—a web application firewall (WAF) platform developed to safeguard APIs and web applications from exploitation.

A data breach at Pajemploi, a French public social service facilitating payroll for parents employing in-home caregivers, has compromised the private data of approximately 1.2 million registered childcare workers.

The Congressional Budget Office (CBO) has confirmed the successful expulsion of threat actors from its email systems following a previously disclosed cyberattack that targeted the agency’s internal communications.

British lawmakers have been warned of a growing espionage campaign spearheaded by China’s Ministry of State Security (MSS), which leverages LinkedIn as a vector to target members of Parliament and policy influencers.

A sophisticated cyberattack employing the emerging modular post-exploitation framework Tuoni targeted a major US real estate firm. The attack began with a well-executed social engineering campaign leveraging Microsoft Teams impersonation.

In a coordinated attack on Kenyan government digital infrastructure, multiple ministry websites—including those of Interior, Health, Education, Energy, Labor, and Water—were defaced with hate-based white supremacist messages.

Princeton University has disclosed a data breach involving its advancement database that houses personal information of donors, alumni, students, faculty, and parents. The breach occurred on November 10 and lasted less than 24 hours.