Volkswagen Group faces a serious cybersecurity challenge after ransomware gang 8Base claimed to have stolen sensitive data from its global operations. The incident exposes growing supply-chain risks and highlights how industrial manufacturers remain prime targets for modern cyber-extortion campaigns.
Google filed a lawsuit in New York to disrupt “Lighthouse,” a phishing-as-a-service network behind large-scale smishing. Consequently, the case seeks injunctions, domain seizures, and damages. For defenders, the move creates detection windows as operators pivot infrastructure so tighten filters, accelerate takedowns, and harden fraud telemetry now.
Signal has called on Germany to reject the EU’s chat control proposal, warning that client-side scanning would break encryption, facilitate surveillance, and undermine trust in private communication.
AI-powered fraud is expanding at an unprecedented rate as criminals weaponize generative models, deepfakes and automated identity systems. Organizations must strengthen identity verification and adopt resilience-first strategies to withstand this next-generation threat.
Researchers have uncovered a new global campaign linked to the TA585 threat group, deploying a malware strain called MonsterV2. The campaign targets enterprise, finance, and industrial sectors, leveraging advanced persistence and evasion techniques to steal data and compromise corporate networks
GPT-5.1 Codex-Max can now code independently for hours inside terminals, IDEs and Windows environments. That jump from helper to autonomous coding agent dramatically changes the threat model, turning AI-generated patches, permissions and pipelines into first-class security concerns.
Docker Compose CVE-2025-62725 enables path traversal that can overwrite host files from malicious compose artifacts. Update to v2.40.2, restrict sources, and audit caches.
Security researchers discovered a critical vulnerability in Oracle E-Business Suite (EBS) that enables privilege escalation across enterprise systems. The flaw, tracked under CVE-2025-31245, could allow attackers to execute administrative actions without proper authorization if left unpatched.
A malicious MCP server can exfiltrate API keys and sensitive data from applications, exposing how trust in developer frameworks can be abused.
Belgian chains such as Brico and Carrefour are increasingly playing AI-generated, royalty-free music in their stores to cut licensing costs. This shift could slash 25–28 % of public performance income for local artists, warn rights organizations. Here’s how the technology works, the risks it raises, and what defenses stakeholders must consider.