Microsoft 365 suffered a widespread outage across Australia, causing authentication failures, email disruptions and Teams connection issues. Although services gradually recovered, the incident exposed cloud reliability concerns for businesses that rely heavily on Microsoft’s ecosystem.
The U.S. Justice Department indicted a Ukrainian national for her role in Russia-backed cyberattacks targeting critical infrastructure — a move highlighting the resurgence of politically motivated malware campaigns against essential services.
North Korean–linked attackers exploited a critical React2Shell vulnerability (CVE-2025-55182) to deploy a new smart-contract based RAT named EtherRAT. The malware uses Ethereum smart-contracts for C2 resolution, hides payloads through obfuscation, and employs multiple persistence mechanisms — a serious threat to Web3 and developer environments.
SAP has released fixes for three SAP critical vulnerabilities affecting Solution Manager, Commerce Cloud, and the jConnect SDK. These flaws enable remote code execution and unsafe deserialization, posing significant risk to enterprise systems. This article breaks down technical details and offers mitigation guidance.
Japanese organizations continue facing ransomware incidents that cause months of operational disruption. This investigative analysis explores how long-tail damage unfolds, why attackers target Japan’s supply chain ecosystem, and how companies can strengthen long-term resilience.
Microsoft’s December 2025 Patch Tuesday delivers critical security updates — 56 vulnerabilities across Windows, Office, Exchange and more including three zero-day flaws. Attackers exploited at least one, making immediate patching vital for enterprise and personal systems alike.
GrayBravo’s modular loader, CastleLoader, now powers four distinct threat clusters targeting logistics, travel, and enterprise users a clear sign of rapid MaaS expansion and rising risk for global organizations.
A chilling evolution: Storm-0249 has shifted from selling access to enabling full-blown ransomware campaigns. Their new combination of ClickFix social-engineering, fileless PowerShell and DLL sideloading dramatically increases stealth and persistence across enterprise environments.
A critical Ivanti Endpoint Manager code execution flaw, tracked as CVE-2025-10573, allows unauthenticated attackers to plant malicious JavaScript in the EPM dashboard and hijack admin sessions. This article explains how the bug works, which versions are affected, and how to patch and harden EPM cores.
A misconfiguration in Cursor’s integration with AWS Bedrock allows non-admin users or attackers with minimal access to raise spending caps and drain cloud budgets rapidly. Here’s what happened, why it matters, and how to secure your AI-cloud environment.