ASUS recently disclosed a critical security vulnerability affecting routers that have AiCloud enabled, potentially allowing remote attackers to perform unauthorized execution functions on vulnerable devices.

The vulnerability is being tracked as CVE-2025-2492 and was given a CVSS score of 9.2 on a 10.0 scale, making it classified as critical.

According to ASUS researchers, the "improper authentication control vulnerability," which only exists in certain ASUS router firmware series, can be triggered by a "crafted request" on behalf of the attackers.

For the third time in as many months, Apple has released an emergency patch to fix an already exploited zero-day vulnerability impacting a wide range of its products.

The new vulnerability, identified as CVE-2025-24201, exists in Apple's WebKit open source browser engine for rendering Web pages in Safari and other apps across macOS, iOS, and iPadOS. WebKit is a frequent target for attackers because of how deeply integrated it is with Apple's ecosystem.

The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant's internal database.

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.

The last known cyberattack waged against Iranian infrastructure took place last December with blame placed on Israel and the US.

CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent into handing over their high-value credentials.

RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.

Like Spectre, the new exploit could give attackers a way to access sensitive information from system memory, and take other malicious actions.

France, the UK, the US, and others will work on a framework for the responsible use of tools like NSO Group's Pegasus, and Shadowserver Foundation gains £1 million investment.

SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.

While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.

The potential leak from MSI Gaming of signing keys for an important security feature in Intel-based firmware could cast a shadow on firmware security for years to come and leave devices that use the keys highly vulnerable to cyberattacks, security experts say.

Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation.

Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.

VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.