Security researchers have exposed a large-scale espionage campaign where Chinese hackers weaponized open-source tools to infiltrate critical infrastructure systems worldwide. The operation showcases a shift toward covert, community-blended tactics where public codebases become vectors for nation-state exploitation.
Google has launched a new AI Vulnerability Reward Program (AI VRP) that pays up to $30,000 for critical flaws in its AI systems. Covering products such as Gemini, Search, and Workspace, the initiative bridges responsible AI research with traditional bug bounty frameworks, rewarding ethical hackers who strengthen AI security.
In 2025 alone, North Korean hacker groups have stolen over $2 billion in cryptocurrency funding state operations and deepening reliance on digital crime. They target exchanges, DeFi bridges, and individual holders, laundering via mixers and OTC channels. This escalation signals a bold shift in DPRK’s cyber financing, demanding vigilance from exchanges and regulators alike.
A Redis vulnerability (CVE-2025-23345) active for 13 years exposes servers to remote code execution. Rated CVSS 10.0, it affects millions of instances.
A 0-day buffer overflow vulnerability in Cisco ASA and FTD devices, exploitable via WebVPN, allows unauthenticated remote code execution. Cisco has released patches and issued guidance for mitigation.
ParkMobile breach victims will receive a $1 parking credit as part of a 2025 class-action settlement. The 2021 incident exposed 21 million user records.
Huawei confirmed a data breach stemming from a compromised vendor system, exposing partner and employee records. Security experts warn of new supply-chain risks.
A public PoC exploit for CVE-2025-32463 in Sudo has been released, enabling local privilege escalation to root. Linux users are urged to update to Sudo 1.9.16p1.
A recently disclosed Chrome RCE exploit uses Wasm and JavaScript to manipulate memory and execute shellcode in the browser. Update to version M137.0.7151.57 immediately to prevent remote compromise.
Signal has called on Germany to reject the EU’s chat control proposal, warning that client-side scanning would break encryption, facilitate surveillance, and undermine trust in private communication.