Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. Marquis Software Solutions provides data analytics, CRM tools, compliance reporting, and digital...

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. The threat activity started...

Japanese e-tailer Askul has resumed online sales, 45 days after a ransomware attack. Askul operates several e-commerce brands serving both consumers and business buyers, plus logistics services used by other consumer brands including Muji. Its own site serves...

India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports. In an written answer presented to India’s parliament, Minister Ram Mohan Naidu Kinjarapu said his department is aware of “recent”...

The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and then selling stolen footage to a foreign adult site. Although the suspects or the websites haven’t been named, the police are already...

The Federal Trade Commission (FTC) is proposing that education technology provider Illuminate Education to delete unnecessary student data and improve its security to settle allegations related to an incident in 2021 that exposed info of 10 million students....

Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin.  The two vulnerabilities are CVE-2025-48633, an information-disclosure flaw in Android's framework component, and...

ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is an Iran-aligned cyberespionage group known for its persistent...

India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days to get the job done – and to ensure users can’t remove the code. The app is called...

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and the Microsoft Visual Studio Marketplace are both extension...