Quantum encryption promises stronger security, yet it also strains satellite hardware, bandwidth and mission design. Switzerland’s Armed Forces now redesign their space architecture to handle quantum-era threats, “harvest-now, decrypt-later” campaigns and the limits of legacy spacecraft.
A misconfigured VTEX cloud bucket exposed personal data of over 6 million shoppers, revealing major gaps in vendor cloud security and breach response.
The RondoDox botnet now targets unpatched XWiki servers through CVE-2025-24893, a critical eval injection flaw that lets any guest execute remote code and drop miners, turning forgotten wiki instances into entry points and compute fuel.
GrayBravo’s modular loader, CastleLoader, now powers four distinct threat clusters targeting logistics, travel, and enterprise users a clear sign of rapid MaaS expansion and rising risk for global organizations.
Australia’s eSafety Commissioner may classify GitHub as a social network and ban kids under 16 from using it. Officials argue GitHub’s social features resemble TikTok and Discord, but critics say the move could block young coders from learning and accessing open-source tools
A widespread campaign exploited the Chrome Web Store to distribute 131 rebranded extensions that hijack WhatsApp Web for automated bulk messaging. These add-ons pose a significant risk to organizations and users alike, demanding immediate review of extension governance and messaging platform protections.
Set up Google Workspace the right way: one SPF with include:_spf.google.com, a 2048-bit DKIM key at google._domainkey, and a strict, report-ready DMARC policy with alignment. Start at p=none to discover stray senders, then ramp to quarantine and reject. Verification steps and copy-paste examples included.
A WhatsApp API flaw allowed researchers to enumerate 3.5 billion accounts by abusing weak rate-limiting in the contact-discovery endpoint, exposing global phone-number mappings and public profile metadata that adversaries could weaponize for large-scale phishing, impersonation and SIM-swap attacks.
A newly discovered backdoor, dubbed Net-CAPI, has infiltrated multiple Russian government networks by hijacking Windows cryptographic services. Analysts believe the tool, developed by a sophisticated threat group, uses advanced evasion and persistence methods to hide within legitimate system operations—making detection nearly impossible.
Ukraine’s CERT-UA has warned that CabinetRAT backdoor malware is being actively deployed in cyber espionage campaigns targeting government and critical networks.