Apple Bug Bounty Adds Bonus for Lockdown Bypass Finds
Apple has expanded its bug bounty program to reward researchers up to $2 million for zero-click exploit chains. Bonuses for Lockdown Mode bypasses and beta findings may push payouts even higher.
Tag: security
Read More
Cl0p-Linked Hackers Launch New Data-Leak Campaign
A new Cl0p ransomware breach has hit dozens of organizations across finance, energy, and logistics sectors. Analysts warn the campaign marks a resurgence of the group’s dark-web leak operations, signaling a return to large-scale, supply-chain-style extortion attacks.
Google Issues Warning on Expanding Oracle-Linked Threat Activity
Google has disclosed a widespread Oracle-linked hacking campaign impacting dozens of organizations across sectors including energy, tech, and logistics. The operation, active since mid-2025, exploited software integrations between vendors and clients marking one of the year’s most significant supply chain cyberattacks.
Hackers Claim Water Plant Attack But It Was a Honeypot All Along
A new cyberattack demonstrates how hacktivists target critical infrastructure with increasing precision. In this case, attackers believed they breached a real water treatment facility, yet the environment was a sophisticated decoy — a honeypot designed to study intrusions into industrial control systems (ICS).
DraftKings Accounts Targeted in Credential-Stuffing Wave
Online betting platform DraftKings has confirmed a credential-stuffing breach exposing customer data. Attackers reused leaked passwords from past breaches to gain access to DraftKings accounts, compromising personal details, account balances, and transaction history. Users are advised to reset passwords and enable multi-factor authentication immediately.
Open-Source Projects Exploited by Chinese State-Backed Hackers
Security researchers have exposed a large-scale espionage campaign where Chinese hackers weaponized open-source tools to infiltrate critical infrastructure systems worldwide. The operation showcases a shift toward covert, community-blended tactics where public codebases become vectors for nation-state exploitation.
Google Rewards AI Vulnerability Reports With Up to $30K
Google has launched a new AI Vulnerability Reward Program (AI VRP) that pays up to $30,000 for critical flaws in its AI systems. Covering products such as Gemini, Search, and Workspace, the initiative bridges responsible AI research with traditional bug bounty frameworks, rewarding ethical hackers who strengthen AI security.
North Korean State Hackers’ Cryptocurrency Theft Hits New Highs
In 2025 alone, North Korean hacker groups have stolen over $2 billion in cryptocurrency funding state operations and deepening reliance on digital crime. They target exchanges, DeFi bridges, and individual holders, laundering via mixers and OTC channels. This escalation signals a bold shift in DPRK’s cyber financing, demanding vigilance from exchanges and regulators alike.
Redis Users Warned: Decade-Old Bug Now Exploited in Wild
A Redis vulnerability (CVE-2025-23345) active for 13 years exposes servers to remote code execution. Rated CVSS 10.0, it affects millions of instances.
Cisco Firewall Vulnerability CVE-20333 Allows RCE — Update Now
A 0-day buffer overflow vulnerability in Cisco ASA and FTD devices, exploitable via WebVPN, allows unauthenticated remote code execution. Cisco has released patches and issued guidance for mitigation.