IT Security Newsletter - 11/19/2025

Written by Cadre | Wed, Nov 19, 2025

Chrome zero-day under active attack: visiting the wrong site could hijack your browser

Google has released an update for its Chrome browser that includes two security fixes. Both are classified as high severity, and one is reportedly exploited in the wild. These flaws were found in Chrome's V8 engine, which is the part of Chrome (and other Chromium-based browsers) that runs JavaScript. Chrome is by far the world's most popular browser, used by an estimated 3.4 billion people.

Cloudflare Outage Not Caused by Cyberattack

Cloudflare said the service disruption that led to significant customer outages on Tuesday was not the result of a hacker attack. Outages hit a wide range of online services, including ChatGPT, X, Dropbox, Shopify, and the game League of Legends. The incident has also reportedly caused some disruptions to websites and other digital services associated with critical organizations such as New Jersey Transit, New York City Emergency Management, and the French national railway company SNCF.

Jaguar Land Rover reports major earnings impact from cyberattack

Jaguar Land Rover said revenue fell 24% during the fiscal second quarter, led by the impact of a late-summer cyberattack that disrupted automotive production for weeks until a phased restart in early October. The company said fiscal second-quarter revenue fell to $6.45 billion (4.9 billion pounds) from the same period a year ago. The attack also led to a major impact on the company's supply chain.

Tens of thousands more ASUS routers pwned by suspected, evolving China operation

Around 50,000 ASUS routers have been compromised in a sophisticated attack that researchers believe may be linked to China, according to findings released today by SecurityScorecard's STRIKE team. Dubbed "Operation WrtHug", the campaign exclusively targets end-of-life ASUS WRT routers, exploiting multiple known vulnerabilities - some dating back to 2023. The affected routers are primarily concentrated in Taiwan and Southeast Asia.

Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters

An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation. ShinySp1d3r is the name of an emerging RaaS created by threat actors associated with the ShinyHunters and Scattered Spider extortion groups. These threat actors have traditionally used other ransomware gangs' encryptors in attacks, but are now creating their own operation to deploy attacks themselves and their affiliates.

Krebs on Security: The Cloudflare Outage May Be a Security Roadmap

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.

Critical Railway Braking Systems Open to Tampering

Researchers have figured out how to spoof the signals that tell train conductors to brake, opening the door to any number of dangerous attack scenarios. When a large, moving train is rolling down the tracks toward an oncoming obstacle, one can't rely solely on a conductor to handle what's ahead. To account for human error, in emergency circumstances, you need a system built into the train itself that can automatically bring the stock to a halt.

Researchers claim 'largest leak ever' after uncovering WhatsApp enumeration flaw

Researchers in Austria used a flaw in WhatsApp to gather the personal data of more than 3.5 billion users in what they believe amounts to the "largest data leak in history." The messaging platform allows users to look up others' details by inputting their phone numbers. The feature, which has been part of the platform for years, can be abused to enumerate user data, including phone number, name, and in some cases their profile image if they have one set.

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Fortinet on Tuesday announced patches for 17 vulnerabilities, including a zero-day resolved with the latest FortiWeb updates. Tracked as CVE-2025-58034 (CVSS score of 6.7), the bug is described as an OS command injection issue that can be exploited by authenticated attackers to execute arbitrary code on the underlying system, via crafted HTTP requests or CLI commands. "Fortinet has observed this to be exploited in the wild," the vendor notes in its advisory.

How Louvre thieves exploited human psychology to avoid suspicion - and what it reveals about AI

On a sunny morning on October 19, 2025, four men allegedly walked into the world's most-visited museum and left, minutes later, with crown jewels worth 88 million euros ($101 million). The theft from Paris' Louvre Museum - one of the world's most surveilled cultural institutions - took just under eight minutes. Visitors kept browsing. Security didn't react (until alarms were triggered). The men disappeared into the city's traffic before anyone realized what had happened.

  • ...in 1863, President Lincoln delivers his historic Gettysburg Address at the dedication of the national cemetery at the battle site.
  • ...in 1959, the Ford Motor Company announces the discontinuation of the notoriously unpopular Edsel.
  • ...in 1969, Brazilian football star Pele scores his 1,000th career goal.
  • ...in 1985, President Ronald Reagan and Premier Mikhail Gorbachev hold their first summit meeting.