Two former US executives pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide, with Americans losing at least $2.1 billion to such scams in 2025.
NIST has announced it will only enrich CVE records that meet specific priority criteria, abandoning its longstanding goal of processing every submitted vulnerability as submission volumes grow exponentially.
Overwhelmed by a growing flood of vulnerabilities, NIST has announced it will limit in-depth CVE analysis to those in CISA's known exploited vulnerabilities catalog, federal government software, and critical software under Executive Order 14028.
More than 30 WordPress plugins in the EssentialPlugin package were secretly backdoored in August 2025 following an acquisition, with the malicious code recently activated to generate spam pages, redirects, and fake content.
A newly identified malware family called AgingFly is being deployed against Ukrainian local governments, hospitals, and Defense Forces personnel, stealing credentials from Chromium browsers and WhatsApp. Ukraine's CERT team attributed the campaign to threat cluster UAC-0247.
A critical unauthenticated vulnerability in Nginx UI's Model Context Protocol endpoint is being actively exploited in the wild, enabling attackers to fully take over web servers without credentials. Over 2,600 publicly exposed instances remain potentially vulnerable.
A 16-year-old boy was arrested in Portadown, County Armagh, on suspicion of Computer Misuse Act offenses after an attack took the C2K educational platform offline, affecting up to 300,000 pupils and 20,000 teachers.
CISA has added CVE-2025-60710, a Windows Task Host privilege escalation vulnerability patched by Microsoft in November 2025, to its actively exploited vulnerabilities catalog, giving federal agencies two weeks to patch.
Microsoft has confirmed that installing the April 2026 KB5082063 security update can push certain Windows Server 2025 machines into BitLocker recovery mode on first reboot, affecting systems with specific Group Policy configurations.
Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa have all published new ICS security advisories, addressing vulnerabilities ranging from critical Wi-Fi flaws to privilege escalation and denial-of-service issues.