A threat actor known as Dark Storm, a pro-Russian hacktivist collective, has escalated its cyber disruption campaigns across Europe and Russia, increasingly targeting government institutions and critical infrastructure.

A highly sophisticated email espionage campaign led by the persistent threat actor ToddyCat has been detected making use of enhanced and stealthy malware methodologies to exfiltrate corporate email data.

A critical vulnerability has been identified in multiple models of Festo's MSE6-C2M, D2M, and E2M devices. Exploitation of this remotely accessible flaw may allow a low-privileged authenticated attacker to trigger undocumented test modes.

A data breach has affected Italy’s national railway operator, Ferrovie dello Stato Italiane, following a successful cyberattack on its digital services provider, Almaviva. Threat actors claim to have exfiltrated 2.3 TB of highly sensitive info.

A newly discovered and actively exploited vulnerability in Oracle Fusion Middleware—tracked as CVE-2025-61757—has been added to the Known Exploited Vulnerabilities (KEV) Catalog maintained to promote early detection and remediation.

A sophisticated Android malware has been identified utilizing advanced evasion and detection resistance strategies. The malware employs strong packing and obfuscation to hinder traditional antivirus (AV) systems.

Cox Enterprises has suffered a significant data breach due to exploitation of a zero-day vulnerability in Oracle E-Business Suite. The Cl0p ransomware group exploited CVE-2025-61882.

Recent ransomware developments have shifted focus toward exploiting cloud-native environments, particularly Amazon S3, through misconfigurations and advanced misuse of AWS encryption and access mechanisms.

A newly emerged malware campaign, dubbed Tsundere Botnet, is actively targeting Windows systems through various sophisticated infection mechanisms. This Node.js-based botnet utilizes Ethereum blockchain smart contracts.

The OWASP Top 10 for 2025 introduces core changes emphasizing systemic risks in modern application ecosystems. Key additions include “Supply Chain Failures” at rank #3 and “Mishandling of Exceptional Conditions” at rank #10.