Japanese retailer Muji has suspended its online sales and related services following a ransomware attack on its logistics partner, Askul. The cyberattack disrupted Muji’s ability to process orders and operate its app and website.

A significant rise in cyberattacks is impacting the Asia-Pacific (APAC) region, particularly in Australia and neighboring nations. Threat actors are exploiting vulnerabilities in SonicWall VPNs (CVE-2024-40766), targeting Microsoft 365 accounts.

Multiple vulnerabilities have been identified in Oxford Nanopore Technologies' MinKNOW software, a DNA and RNA sequencing platform. These flaws could allow attackers to gain unauthorized access, exfiltrate data, and disrupt sequencing operations.

A critical vulnerability (SYSS-2025-015) has been identified in Verbatim Keypad Secure USB 3.2 Gen 1 drives (Part Numbers #49427 and #49428), even after applying the latest firmware update v1.0.0.6.

A critical vulnerability persists in the Verbatim Store 'n' Go Secure Portable SSD even after applying the latest security update (v1.0.0.6). The flaw enables offline brute-force attacks, allowing unauthorized access to encrypted data.

Cursor and Windsurf IDEs, used by approximately 1.8 million developers, are vulnerable to over 94 known Chromium and V8 engine vulnerabilities due to reliance on outdated Electron framework versions.

A high-severity remote code execution vulnerability, CVE-2025-62518 (CVSS 8.1), has been discovered in the async-tar Rust library and its numerous forks, including tokio-tar, uv, testcontainers, wasmCloud, astral-tokio-tar, and krata-tokio-tar.

TP-Link has disclosed four command injection vulnerabilities affecting its Omada gateway devices, which are marketed as full-stack solutions (router, firewall, VPN gateway) for small to medium businesses.

Vidar Stealer 2.0 represents a significant evolution in infostealer malware, featuring a complete rewrite in C, multithreaded architecture, and advanced evasion and credential theft capabilities.

Sensitive details of these core members have been leaked following the doxxing campaign. The attack is suspected to have been carried out by cybercrime competitors, according to a Trend Micro report.