One of the most severe issues, tracked as CVE-2025-41250, is an SMTP header injection bug in vCenter. With a CVSSv3 base score of 8.5, it allows attackers with non-administrative privileges to modify ...

A new campaign has been observed using malicious Windows shortcuts in credential-themed ZIP files to deploy PowerShell script ...

AI security was the main focus for acquisitions in September, while Mitsubishi Electric unveiled a $1bn deal to buy OT security firm Nozomi Networks ...

PwC found that AI security has become a top investment priority in cyber budgets over the next 12 months, ahead of cloud and network security ...

A newly identified cyber espionage group has been targeting government and telecommunications organizations across Africa, the Middle East and Asia for at least the past two and a half years, ...

The NCA warns that house buyers could face losses of over £80,000 from a type of BEC called payment diversion fraud ...

Tim Capel, ICO interim executive director – regulatory supervision, revealed that the privacy watchdog issued a notice of intent to fine Imgur parent company MediaLab on September 10.

According to research by Sekoia.io’s Threat Detection & Research (TDR) team, the routers’ APIs were abused to send phishing text messages – a tactic that has repeatedly targeted Belgian users by ...

At its core, Klopatra is a sophisticated banking Trojan. It enables attackers to seize control of infected devices using Hidden VNC for remote operations, dynamic overlays to steal credentials and ...

The Trump administration wants CISA to transition to a “new model” for supporting local government agencies’ cyber strategy ...

The first indirect prompt injection vulnerability affects Gemini Cloud Assist: a tool designed to help users understand complex logs in the Google Cloud Platform (GCP) by summarizing entries and ...

Japanese brewery giant Asahi revealed that a cyber-attack had caused a “system failure”, with order and shipment operations suspended in Japan ...