A newly disclosed Grafana vulnerability is under active exploitation, with attackers targeting enterprise dashboards and infrastructure. Security teams must apply patches immediately.
CVE-2025-10547, a vulnerability in DrayOS routers, can lead to remote code execution via the WebUI. Administrators should patch and disable external access immediately.
CISA has listed CVE-2025-4008, a remote code execution bug in MeteoBridge devices, signaling active exploitation and urging immediate patching.
Signal has stated it may quit the European market if the EU forces apps to scan private messages under Chat Control, citing encryption and privacy concerns.
Microsoft Outlook has disabled inline SVG image rendering after attackers exploited the feature in phishing campaigns, marking another step in tightening email security.
Confucius hackers launched a phishing campaign in Pakistan deploying WooperStealer and Anondoor malware using PPSX and LNK files to compromise sensitive systems.
Intelliloan has notified customers of a March 2025 hack that exposed sensitive PII such as Social Security numbers, driver’s licenses, and financial data across its systems.
HackerOne has announced $81 million in bug bounty payouts over the past year, rewarding ethical hackers worldwide for reporting vulnerabilities across enterprise systems.
Hackers breached Red Hat and GitHub in coordinated attacks and stole customer data, underscoring risks even in widely trusted development platforms.
Google Mandiant has launched an investigation into a new cyberattack campaign targeting Oracle systems, raising alarms over advanced threat activity and enterprise risks.