Latest Cybersecurity News and Articles

One In Four Employees Use Unapproved AI Tools, Research Finds

Overall, workers are broadly encouraged by their companies to use AI as part of their workloads: the 1Password report found that, of 5000 workers surveyed, 73% said their company is in favor of such experimentation.

Critical Flaws Found in Elementor King Addons Affect 10,000 Sites

The King Addons for Elementor plugin, used on over 10,000 sites, contains two unauthenticated critical issues that can lead to full site takeover. New research from Patchstack shows two easily exploitable flaws.

Major telecom services provider Ribbon breached by state hackers

Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024.

Massive surge of NFC relay malware steals Europeans’ credit cards

NFC relay malware has become increasingly prevalent in Eastern Europe, targeting Android users' payment card data. The malware exploits Android's Host Card Emulation (HCE) to manipulate contactless payment data.

Windows zero-day actively exploited to spy on European diplomats

A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. The attack chain begins with spearphishing emails that lead to the delivery of malicious LNK files.

Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing)

A critical remote code execution vulnerability in Apache ActiveMQ is being actively exploited by the Kinsing (H2Miner) threat actor to deploy multiple malware strains, including the Sharpire backdoor, XMRig miner, and post-exploitation tools.

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)

A critical remote code execution vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is being actively exploited in the wild. Attackers are leveraging this flaw to deploy the Skuld infostealer.

Splunk security advisory (AV25-710)

Multiple vulnerabilities have been identified in various Splunk AppDynamics agents and the Splunk Operator for Kubernetes Add-on. These vulnerabilities stem from outdated third-party packages.

Drupal security advisory (AV25-709)

A critical access bypass vulnerability has been identified in the Drupal module Simple OAuth (OAuth2) & OpenID Connect, affecting versions from 6.0.0 up to, but not including, 6.0.7.

Fake PayPal invoice from Geek Squad is a tech support scam

A phishing campaign is impersonating PayPal and Geek Squad to execute a tech support scam. Victims receive fake invoices via email, prompting them to call a fraudulent support number, leading to potential financial loss and system compromise.
