- U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Gogs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Gogs path traversal vulnerability, tracked as CVE-2025-8110 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Gogs (Go Git Service) is a lightweight, open-source, self-hosted Git service written
- Meta fixes Instagram password reset flaw, denies data breach
Meta fixed an Instagram password reset flaw that let third parties send reset emails, while denying a data breach despite leak claims. Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data. “We fixed an issue that let an
- Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network
Europol announced the arrest of 34 suspected Black Axe members in Spain during a joint operation with Spanish and European law enforcement. Europol announced the arrest of 34 suspects in Spain linked to the Black Axe criminal network, following a joint operation by Spanish police, Bavarian authorities, and Europol, with most arrests in Seville. “The
- Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations
Russia-linked cyberespionage group APT28 targets energy, nuclear, and policy staff in Turkey, Europe, North Macedonia, and Uzbekistan with credential-harvesting attacks. Between February and September 2025, Recorded Future’s Insikt Group observed Russia-linked group APT28 (aka UAC-0001, Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) running credential-harvesting campaigns. Targets included Turkish energy and nuclear agency staff, European think tank personnel, and organizations
- The ideals of Aaron Swartz in an age of control
Today marks Aaron Swartz ’s death anniversary. His fight for open knowledge and digital rights continues as the forces he opposed grow stronger. Today marks the anniversary of the death of Aaron Swartz (Chicago, November 8, 1986 – New York, January 11, 2013), a figure whose life, work, and ideals continue to shape the internet,
- SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion A Broken System Fueling Botnets Malicious NPM Packages Deliver NodeCordRAT Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil CNCERT: Risk Warning Regarding
- Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Français 
English