Two British teenagers have pleaded not guilty to serious Computer Misuse Act charges over a 2024 cyberattack on Transport for London, an intrusion that disrupted digital services, exposed customer data and allegedly cost the authority about £39 million. Their case now sits at the intersection of teen cybercrime, critical-infrastructure risk and the UK’s toughest penalties for hacking.
Researchers documented CVSS 8.9 command injection in three official Claude Desktop extensions Chrome, iMessage, and Apple Notes. Because those connectors built AppleScript commands with unescaped user input, prompt injection could pivot from web content to local shell execution on macOS. Anthropic patched the issues. This analysis explains the exploit chain, the fixes, and the validation steps security teams should run to keep MCP servers safe.
CISA and NSA published a focused plan to harden Microsoft Exchange. Enforce modern authentication, cut exposure, enable Extended Protection, and lock down TLS to stop real-world attacks.
Edge’s scareware sensor uses on-device AI and SmartScreen integration to shut down tech support scams fast. It exits full-screen traps, warns users, and gives admins policy control.
A zero-day vulnerability in Oracle E-Business Suite, CVE-2025-61882, has been actively exploited by Cl0p in data theft campaigns. Oracle’s emergency patch addresses unauthenticated remote code execution in the BI Publisher integration component.
A China-linked cyber espionage malware campaign demonstrates how attackers abuse DNS traffic to maintain stealthy, long-term command-and-control access.
Multiple vulnerabilities in TeamViewer DEX expose risks in enterprise endpoint monitoring platforms, raising concerns about unauthorized access, telemetry abuse, and internal reconnaissance within corporate environments.
Ludwigshafen detected suspicious activity and took city IT offline to contain risk. Teams isolate systems, assess scope, and plan a safe, phased restoration while core services continue with workarounds.
A cyberattack on Crisis24’s OnSolve CodeRED platform disrupted emergency alerts for cities, counties, police and fire agencies across the U.S. The INC Ransom group claims responsibility, with stolen resident data, clear-text passwords and a rollback to older backups now forcing agencies to rebuild their notification capabilities and review credential hygiene.
The U.S. Secret Service dismantled a massive telecom threat in New York City, seizing 100,000 SIM cards and 300 servers hidden across abandoned apartments. Authorities say the “imminent” campaign, discovered before the UN Assembly, could have crippled cellular services, government operations, and emergency systems. Investigators believe foreign threat actors used the network for covert communication with criminal enterprises