A critical flaw in Windows Imaging Component
ESET researchers examined CVE‑2025‑50165, a serious Windows vulnerability described to grant remote code execution by merely opening a specially crafted JPG file – one of…
Latest Cybersecurity News — Page 726
View all →
Threat Actors Weaponizing Nezha Monitoring Tool as Remote Access Trojan
Researchers at Ontinue’s Cyber Defense Center have uncovered a significant threat as attackers exploit Nezha, a legitimate open-source server monitoring tool, for post-exploitation access. The…
Cloud security is stuck in slow motion
Cloud environments are moving faster than the systems meant to protect them. A new Palo Alto Networks study shows security teams struggling to keep up…
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
Dec 23, 2025Ravie LakshmananVulnerability / Workflow Automation A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could…
CISA Adds Digiever Authorization Vulnerability to KEV List Following Active Exploitation
A critical vulnerability affecting Digiever DS-2105 Pro network video recorders was added to the Known Exploited Vulnerabilities (KEV) catalog on December 22, 2025, following evidence…
Weak enforcement keeps PCI DSS compliance low
Payment card breaches continue to surface across industries, even after years of investment in security standards. A new study links this pattern to enforcement, showing…
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
Dec 23, 2025Ravie LakshmananCybersecurity / Surveillance The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in…
Kuaishou Cyberattack Sends Shares To One-Month Low
Chinese short-video platform Kuaishou Technology saw its shares fall sharply after the company confirmed a cyberattack that briefly disrupted its livestreaming services, exposed users to…
Spotify Music Library With 86M Music Files Scraped by Hacktivist Group
The shadow library known as Anna’s Archive has executed a massive scrape of Spotify, releasing a torrent collection containing approximately 86 million audio tracks and…
Formal proofs expose long standing cracks in DNSSEC
DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many…
La Poste Cyberattack Disrupts Postal Services Across France
The La Poste cyberattack disrupted France’s national postal service just days before Christmas, temporarily knocking key websites and mobile applications offline and slowing parcel deliveries…
AI code looks fine until the review starts
Software teams have spent the past year sorting through a rising volume of pull requests generated with help from AI coding tools. New research puts…