Palo Alto's Unit 42 reveals a sophisticated cyber-espionage campaign by Liminal Panda (CL-STA-0969) targeting Southeast Asian telecom infrastructure with custom backdoors.

Microsoft's Recall AI feature still captures sensitive data like passwords and bank info, despite new protections. The system's VBS encryption and PIN access may also be vulnerable to remote exploits.

A new backdoor, Plague, disguised as a Linux PAM component, evaded detection for over a year. It grants attackers persistent SSH access and leaves no forensic trail.

Mozilla has issued a warning about a new phishing campaign targeting Firefox extension developers' accounts on the AMO platform, urging them to be cautious of fake login requests.

A new AI-generated crypto-stealer disguised as an NPM utility has been found, with polished documentation and emojis giving away its artificial origin. Over 1,500 users were infected.

Flashpoint reports an 800% surge in infostealer-fueled credential theft in H1 2025, leading to a 179% rise in ransomware and a 235% spike in data breaches.

A new report exposes ShadowSyndicate, a sophisticated cybercrime group tied to top-tier RaaS affiliates, bulletproof hosting, and suspected geopolitical influence operations.

APT37's new RoKRAT malware variant uses steganography to hide encrypted payloads in JPEG images, bypassing antivirus and traditional defenses by executing entirely in memory.

BBOT is a recursive, modular OSINT automation framework written in Python. BBOT currently has over 50 modules and counting.

German firm Einhaus Group declared bankruptcy after a $230K ransomware attack by Royal. Despite paying the ransom, the company couldn't recover, underscoring the true cost of cybercrime.

Linux Kernel 6.17 is getting a major influx of Rust code for drivers and infrastructure. This marks a significant step in Rust's growing role in core kernel development.

Linux Kernel 6.17 introduces "Attack Vector Controls," a new system for managing CPU security mitigations by attack type, simplifying administration and boosting performance.

Meta and Stanford unveiled a 3mm-thick holographic VR headset prototype, using laser projection to eliminate bulky optics and bringing VR glasses closer to consumer reality.

Proton has patched a critical flaw in its iOS Authenticator app (v1.1.1) that logged TOTP secrets in plaintext. Users are urged to update immediately to secure their accounts.

Cloudflare accuses Perplexity AI of ignoring robots.txt files and impersonating a browser to evade detection, and has removed it from its list of verified bots.

OpenAI adds new "take a break" reminders to ChatGPT and is refining responses to high-stakes decisions, aiming to combat misinformation and promote healthier AI usage.

A critical SQL injection flaw (CVE-2025-54119, CVSS 10.0) in ADOdb’s SQLite3 driver allows arbitrary SQL execution via improperly escaped table names.

Amazon is reorganizing its audio division, integrating Wondery's narrative content into Audible and creating a new "Creator Services" team for celebrity-led podcasts.

Broadcom has shipped Jericho4, a new 3nm Ethernet router designed for distributed AI. It connects over a million XPUs across data centers with lossless, secure 3.2 Tbps HyperPorts.

Meta is reportedly in talks to acquire AI video startup Pika Labs, a move that would accelerate its push into generative AI and short-form video creation for its platforms.

Elon Musk's xAI has filed a trademark for “MacroHard,” a provocative jab at Microsoft. The move hints at a new multi-agent AI venture and reignites a simmering rivalry with Bill Gates.