Researchers identified five critical vulnerabilities in Bloomberg’s Comdb2 version 8.1, an open-source clustered database system. These flaws can be exploited remotely to cause denial-of-service (DoS) conditions via specially crafted TCP packets.

A newly discovered botnet campaign is exploiting VoIP-enabled routers by leveraging default password attacks over Telnet. Initially detected in a small New Mexico community, the operation has since expanded globally, compromising over 500 devices.

Qdos, a UK-based business insurance and employment status specialist serving tech contractors, has confirmed a data breach involving unauthorized access to one of its web applications, mygoqdos.com.

Researchers uncovered 13 critical vulnerabilities in the Niagara Framework, developed by Tridium. These flaws, consolidated into 10 CVEs, affect building management, industrial automation, and smart infrastructure systems globally.

Morgan County 911, based in Decatur, Alabama, confirmed a ransomware attack by the Qilin group in May 2025. While administrative systems were disrupted, critical dispatch operations remained unaffected.

A recent supply chain attack compromised Toptal’s GitHub account, resulting in the distribution of malware through its Picasso developer toolbox. The attack affected over 5,000 downloads and involved 10 npm packages.

NASCAR experienced a data breach. The Medusa ransomware group claimed responsibility, demanding a $4 million ransom with a deadline around April 19. The breach exposed names and Social Security numbers of an undisclosed number of individuals.

North Providence, Rhode Island, has disclosed a ransomware attack that compromised the personal data of 1,804 individuals. The Medusa ransomware group claimed responsibility and demanded a $100,000 ransom.

A sophisticated cyber espionage campaign by Fire Ant has targeted VMware ESXi hosts, vCenter servers, and network appliances. This activity is part of a broader trend of persistent targeting of network edge devices by China-linked threat actors.

A recent wave of phishing campaigns has been observed exploiting spoofed Microsoft SharePoint domains and abusing legitimate hosting platforms to harvest user credentials.hese campaigns employ structured domain naming conventions.