Latest Cybersecurity News and Articles

Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking

A major data breach at Chinese cybersecurity firm Knownsec has reportedly exposed over 12,000 files revealing its alleged involvement in developing and deploying state-linked cyber-espionage tools.

Akira Ransomware Haul Surpasses $244M in Illicit Proceeds

Akira ransomware has generated over $244 million in illicit proceeds since late September 2025, showcasing a significant evolution in its tactics and capabilities. The group has expanded its targeting scope to include Nutanix AHV environments.

Mitsubishi Electric MELSEC iQ-F Series

A medium-severity bug (CVE-2025-10259) has been identified in Mitsubishi Electric's MELSEC iQ-F Series programmable logic controllers (PLCs). The flaw, stemming from improper validation of specified quantity in input, can be exploited remotely.

Decades-old ‘Finger’ protocol abused in ClickFix malware attacks

Threat actors are exploiting the legacy Finger protocol via Windows' built-in finger command to execute remote commands and deploy malware through the ClickFix malware campaign.

Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT

Two evolving malware campaigns—Campaign Trio (Feb–Mar 2025) and Campaign Chorus (May 2025)—are distributing variants of the Gh0st remote access trojan (RAT) by impersonating known software applications through massive fake domain infrastructure.

Crims flood npm with 150K+ junk packages to farm TEA tokens

A large-scale supply chain attack has flooded the npm open-source registry with over 150,000 malicious packages in a campaign exploiting the tea.xyz platform to harvest cryptocurrency rewards.

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

A sophisticated North Korean-backed campaign, dubbed Contagious Interview, has adopted novel tactics by leveraging legitimate JSON storage services—such as JSON Keeper, JSONsilo, and npoint.io—as covert payload delivery platforms.

Medium-Severity Vulnerabilities in Siemens SICAM P850 and P855 Devices Allow Remote Impersonation and CSRF Attacks

Two medium-severity vulnerabilities have been identified in Siemens SICAM P850 and P855 devices, which are widely deployed in the Energy sector. Exploitation could allow attackers to impersonate users or perform unauthorized actions remotely.

Critical Vulnerabilities in Brightpick Mission Control Allow Remote Access and Credential Exposure

Multiple high-severity vulnerabilities have been identified in Brightpick AI's Mission Control / Internal Logic Control platform. These bugs affect all versions of the product and are exploitable remotely with low attack complexity.

Washington Post data breach impacts nearly 10K employees, contractors

A critical data breach at The Washington Post has compromised sensitive personal and financial information of 9,720 employees and contractors. The breach was facilitated through a zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61884).
