Exposed cloud credentials become the launchpad for mass phishing, highlighting email services as a prime target in cloud exploitation campaigns.

Google has been penalized €325 million ($379 million) and clothing retailer Shein has been ordered to pay €150 million ($175 million) for not getting proper consent from users for advertising...

AmberWolf’s reveal of Zero Trust vulnerabilities shows how industry players can work together for the greater good

The Docker internal HTTP API is used to control most of Docker. Exposing this is an automatic game over in terms of container security. This is because you can start a privileged container that...

This article goes through how threat actors are attempting to phish users who use Gmail. The basic idea is common: your password is about to expire, so you must renew it now. Naturally, this sends...

VteNext is a CRM in Italy. Upon initially searching through the PHP codebase of the demo release with semgrep default PHP rules, they find some interesting sinks. The first issue they find is an...

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. [...]

WebViews are commonly used in Android applications to display webpages inside of the app itself. To improve usability, deeplinks or custom URIs on the app, are commonly used. When deeplinks are...

Sitecore Experience Platform is a Content Management System (CMS). There are at least 22K public Sitecore instances, making this a fairly impactful target. The HTTP handler XamlPageHandlerFactory...

Insikt Group reveals TAG-150’s multi-tiered infrastructure and CastleRAT malware—an advanced threat actor evolving rapidly with stealth and scale.

Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62...

Spreading from a compromised organization to its peers with hijacked emails, using the ClickFix social engineering method – non-trivial tactics and techniques were reported this quarter.

SQL Injection vulnerability (CVE-2025-7385) has been found in Concept Intermedia GOV CMS software.

Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. [...]

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile...

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. [...]

Cloud storage and remote operation can expose critical sectors to Chinese espionage, warned the Czech Republic's NÚKIB, "making trust in the reliability of the provider absolutely crucial."

The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users' emails without their consent. [...]

The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access...

DPRK-aligned threat actors abuse CTI platforms to detect infrastructure exposure and scout for new assets.

Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America. [...]

ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results

A critical zero-day vulnerability in several Sitecore products could allow attackers to execute code remotely. The vulnerability, identified as CVE-2025-53690, stems from a ViewState...

Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. [...]

The General Court of the Court of Justice of the European Union ruled against a French lawmaker who had challenged the EU-U.S. Data Privacy Framework, citing the fact that a U.S. data protection...

ABB Ability BeerMaker and B&R technologies will demonstrate integrated, unified brewery plant automation.

Data Patterns will replace its current solution with Teamcenter as a single source of truth for its mechanical, electrical and software domains.

Although the ISA100 Wireless standard has remained largely unchanged since its final version, recent advances have focused on safety-critical applications.

Sensor advancements help optimize process efficiency, safety and quality with reliable measurement, while reducing maintenance requirements and operational costs.

At HANNOVER MESSE, attendees from industry will learn how companies can succeed in this phase of rapid industrial transformation.