A critical vulnerability persists in the Verbatim Store 'n' Go Secure Portable SSD even after applying the latest security update (v1.0.0.6). The flaw enables offline brute-force attacks, allowing unauthorized access to encrypted data.

Cursor and Windsurf IDEs, used by approximately 1.8 million developers, are vulnerable to over 94 known Chromium and V8 engine vulnerabilities due to reliance on outdated Electron framework versions.

A high-severity remote code execution vulnerability, CVE-2025-62518 (CVSS 8.1), has been discovered in the async-tar Rust library and its numerous forks, including tokio-tar, uv, testcontainers, wasmCloud, astral-tokio-tar, and krata-tokio-tar.

TP-Link has disclosed four command injection vulnerabilities affecting its Omada gateway devices, which are marketed as full-stack solutions (router, firewall, VPN gateway) for small to medium businesses.

Vidar Stealer 2.0 represents a significant evolution in infostealer malware, featuring a complete rewrite in C, multithreaded architecture, and advanced evasion and credential theft capabilities.

Sensitive details of these core members have been leaked following the doxxing campaign. The attack is suspected to have been carried out by cybercrime competitors, according to a Trend Micro report.

A new report from cybersecurity research firm Sublime Security reveals yet another widespread credential phishing campaign where scammers try to get your login information, specifically by stealing victims’ Facebook login details.

The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks.

PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose.

Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations.