A massive misconfigured database exposed billions of LinkedIn-related records, enabling attackers to refine phishing, impersonation, and identity-based attacks. This investigative report examines how the leak happened and why its long-tail impact will persist for years.
Google has disclosed a widespread Oracle-linked hacking campaign impacting dozens of organizations across sectors including energy, tech, and logistics. The operation, active since mid-2025, exploited software integrations between vendors and clients marking one of the year’s most significant supply chain cyberattacks.
Malicious npm packages are being used as hidden attack infrastructure, abusing the open-source supply chain to distribute malware, evade detection, and compromise developer environments.
Threat actors behind a coordinated network on YouTube have uploaded over 3,000 videos that masquerade as software tutorials and cheat walkthroughs, yet lead to credential‐stealer malware downloads. The operation uses compromised channels, fake engagement and download links to evade detection posing a new category of platform-based threat for security teams.
Europe moves away from big tech companies toward regional technology alternatives driven by privacy, compliance, and digital sovereignty priorities.
A MongoDB vulnerability tracked as CVE-2025-14847 highlights how weaknesses in access control handling can expose database environments to unauthorized access and data compromise.
A college student has been sentenced to four years in federal prison for orchestrating a PowerSchool cyberattack that compromised sensitive education data. The case highlights growing concerns over insider-driven breaches targeting school information systems.
A Redis vulnerability (CVE-2025-23345) active for 13 years exposes servers to remote code execution. Rated CVSS 10.0, it affects millions of instances.
A 0-day buffer overflow vulnerability in Cisco ASA and FTD devices, exploitable via WebVPN, allows unauthenticated remote code execution. Cisco has released patches and issued guidance for mitigation.
The UK introduced a Cyber Security and Resilience Bill to harden essential services and their suppliers. Consequently, regulators expand scope, speed incident reporting, and push provable resilience across NHS, water, transport, and energy.