Multiple bugs have been identified in Apple products, with the most severe potentially allowing for arbitrary code execution. Apple is aware of reports that CVE-2025-43529 and CVE-2025-14174 may have been exploited in sophisticated attacks.

A sophisticated cryptocurrency mining campaign has been identified targeting AWS customers. The attackers leverage compromised IAM credentials to deploy crypto miners, using advanced persistence techniques to evade detection and maintain operations.

A vulnerability in a photo booth company's website exposed private photos of users, posing significant privacy risks. The flaw allowed unauthorized access to photos and videos

The threat actor has shifted its focus from exploiting zero-day and N-day vulnerabilities to targeting known but unpatched flaws in edge devices. This strategy reduces their workload and chances of detection while maintaining operational outcomes.

A vulnerability in Mitsubishi Electric GT Designer3 allows attackers to obtain plaintext credentials, potentially leading to unauthorized operation of GOT2000 and GOT1000 series devices.

A critical vulnerability, CVE-2024-3596, has been identified in Hitachi Energy's AFS, AFR, and AFF series. This vulnerability can compromise data integrity and disrupt availability, posing significant risks to critical infrastructure sectors.

CISA identified a critical zero-day vulnerability, CVE-2025-43529, in Apple's WebKit rendering engine. This vulnerability is actively exploited in the wild, affecting millions of users across iOS, iPadOS, macOS, and other Apple platforms.

Cellik is a newly discovered Android malware-as-a-service (MaaS) that allows cybercriminals to create malicious versions of apps from the Google Play Store. It is offered for $150 per month or $900 for lifetime access.

BlindEagle, a threat actor operating in South America, has launched a sophisticated spear phishing campaign targeting a Colombian government agency under the Ministry of Commerce, Industry and Tourism (MCIT).

The "GhostPoster" campaign is exploiting Firefox extensions by embedding malicious JavaScript in the image logos using steganography. This technique allows attackers to monitor browser activity and plant a backdoor, affecting over 50,000 users.