Firmware and driver flaws continue to expose kernel and physical-memory abuse paths
Several low-level vulnerabilities showed how drivers and firmware can grant attackers dangerous kernel capabilities. CERT published a Pegatron tdeio64.sys issue that allowed arbitr
AI-generated malware and botnets are moving from concept to production
Researchers reported multiple malware and botnet projects that show signs of LLM assistance, including TuxBot v3 Evolution and AI-generated PowerShell reconnaissance code. TuxBot w
The Russian cyber ecosystem faces escalating sanctions and enforcement actions
The U.S., UK, and EU widened sanctions and enforcement actions against Russian-linked cybercriminals, bulletproof hosting operators, and state-aligned actors. Officials said these
A wave of product vulnerabilities hits security vendors and enterprise software
Numerous vendors disclosed severe flaws across the security and enterprise software stack, including Zoom, FortiSandbox, FreeRDP, NGINX, SAP, Adobe, Siemens, Schneider Electric, an
Google and Microsoft are tightening identity and OAuth telemetry after stealthy account attacks
Attackers have started abusing OAuth client ID behavior in Microsoft Entra ID to enumerate accounts and evade normal sign-in logging. Proofpoint showed that spoofed client IDs can
RedHook, LabubaRAT, and other mobile malware families widen Android abuse
Several mobile malware reports this week showed attackers expanding their Android tradecraft. RedHook was observed using Wireless ADB to gain shell access without a computer connec
U-Boot and old Secure Boot shims expose a long-lived firmware trust problem
Researchers disclosed six vulnerabilities in U-Boot and separately showed that 11 Microsoft-signed UEFI shim bootloaders can still undermine Secure Boot. These boot-chain problems
Lidl and EY both disclosed third-party support and service-provider data breaches
Lidl notified customers in Germany, Belgium, and the Netherlands that a breach at an external IT service provider exposed customer data stored in a separate file. The retailer said
Google and Microsoft move decisively toward passkeys and stronger sign-in defaults
Microsoft announced major changes to Entra ID that make passkeys the default authentication experience in the public cloud, with SMS and voice gradually being phased down. The comp
A rash of CMS and Joomla flaws is being actively exploited for webshell and file-upload attacks
Australia's Signals Directorate warned that attackers are mounting a broad campaign against content management systems, including WordPress and Joomla, by exploiting known fla

