Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024.
A Ukrainian woman was charged in the US in two separate indictments for her alleged ties with two hacktivist groups known for launching hundreds of cyberattacks in support of the Russian government's interests. The individual, Victoria Eduardovna Dubranova, 33, allegedly played a role in cyberattacks and intrusions that pro-Russia hacktivist groups CyberArmyofRussia_Reborn (CARR) and NoName057(16) (NoName) carried out against critical infrastructure organizations worldwide.
The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. The teen now faces charges related to involvement in cybercrime, unauthorized access and disclosure of private data, and privacy violations. "The cybercriminal accessed nine different companies where he obtained millions of private records that he later sold online," reads the police's announcement.
Industrial giants Siemens, Rockwell Automation, Schneider Electric, and Phoenix Contact have published Patch Tuesday advisories informing customers about vulnerabilities found in their ICS/OT products. Siemens has published 14 new advisories. An overall severity rating of 'critical' has been assigned to three advisories covering dozens of third-party component vulnerabilities affecting Comos, Sicam T, and Ruggedcom ROX products.
More than two months after ransomware shut down its operations, Japanese food and beverage giant Asahi Holdings continues to suffer from back-office disruptions and was recently forced to acknowledge the possibility of a data breach affecting 1.9 million people. The company is not alone among Japanese firms. Japanese online retailer Askul announced this week that it would resume taking orders from its corporate clients more than six weeks after the firm acknowledged an attack.
A new phishing kit called Spiderman is targeting customers of numerous European banks and cryptocurrency services using pixel-perfect replicas of legitimate sites. The platform allows cybercriminals to launch phishing campaigns that can capture login credentials, two-factor authentication (2FA) codes, and credit card data. The Spiderman phishing kit, analyzed by researchers at Varonis, targets financial institutions in five countries.
A quiet economic subsector is emerging around humanoid robots, and it's already experiencing a variety of cybersecurity challenges. In case large language models (LLMs) don't wipe out enough jobs, organizations in the US and Asia are currently working toward replacing manual laborers too, with machines that look and move like people but won't demand wages. Humanoid robots are inevitably going to get cheaper to manufacture over time.
LLMs are moving deeper into enterprise products and workflows, and that shift is creating new pressure on security leaders. A new guide from DryRun Security outlines how these systems change long-standing assumptions about data handling, application behavior, and internal boundaries. It is built around the OWASP Top 10 for LLM Applications, which the company uses as the structure for a full risk model and a reference architecture for teams building with LLMs.