Apple Bug Bounty Adds Bonus for Lockdown Bypass Finds
Apple has expanded its bug bounty program to reward researchers up to $2 million for zero-click exploit chains. Bonuses for Lockdown Mode bypasses and beta findings may push payouts even higher.
The ChaosBot malware campaign is exploiting Cisco VPN credentials and Active Directory passwords to infiltrate enterprise environments. By combining brute-force attacks with credential reuse, ChaosBot’s operators are building a fast-spreading botnet focused on corporate VPN and identity systems.
A new Cl0p ransomware breach has hit dozens of organizations across finance, energy, and logistics sectors. Analysts warn the campaign marks a resurgence of the group’s dark-web leak operations, signaling a return to large-scale, supply-chain-style extortion attacks.
Google has disclosed a widespread Oracle-linked hacking campaign impacting dozens of organizations across sectors including energy, tech, and logistics. The operation, active since mid-2025, exploited software integrations between vendors and clients, marking one of the year’s most significant supply chain cyberattacks.
Google has launched a new AI Vulnerability Reward Program (AI VRP) that pays up to $30,000 for critical flaws in its AI systems. Covering products such as Gemini, Search, and Workspace, the initiative bridges responsible AI research with traditional bug bounty frameworks, rewarding ethical hackers who strengthen AI security.
In 2025 alone, North Korean hacker groups have stolen over $2 billion in cryptocurrency, funding state operations and deepening reliance on digital crime. They target exchanges, DeFi bridges, and individual holders, laundering via mixers and OTC channels. This escalation signals a bold shift in DPRK’s cyber financing, demanding vigilance from exchanges and regulators alike.
ParkMobile breach victims will receive a $1 parking credit as part of a 2025 class-action settlement. The 2021 incident exposed 21 million user records.
Signal has called on Germany to reject the EU’s chat control proposal, warning that client-side scanning would break encryption, facilitate surveillance, and undermine trust in private communication.
A zero-day vulnerability in Oracle E-Business Suite, CVE-2025-61882, has been actively exploited by Cl0p in data theft campaigns. Oracle’s emergency patch addresses unauthenticated remote code execution in the BI Publisher integration component.
Researchers discovered a zero-day in Zimbra webmail where malicious JavaScript injected into .ICS calendar files executes within session context — allowing attackers to steal emails, credentials, and forward mail.