News from the economy, politics and the financial markets
In this section of our news section we provide you with editorial content from leading publishers.
TRENDING
Latest news
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).
The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. The attack lasted for 69
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.
It allows "unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints," the React Team said in
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch.
The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that could lead to remote
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild.
The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration.
It affects versions
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via WhatsApp a worm that deploys a banking trojan in attacks targeting users in Brazil.
The latest wave is characterized by the attackers shifting from PowerShell to a Python-based variant that spreads the
Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country?
Those days are over.
Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don't need to be smart; they just need to subscribe to the right AI tool.
We are witnessing the industrialization of
Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mistake was assuming that effort alone could outmatch a new kind of tool.
Security professionals are facing a similar
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections.
Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314), is a security scanner that's designed to parse Python pickle files and detect suspicious
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool.
The Rust crate, named "evm-units," was uploaded to crates.io in mid-April 2025 by a user named "ablerust,"
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number.
To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat, and Signal that use an Indian mobile number for uniquely identifying their
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.
For the first time, researchers managed
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.
GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and harvest npm,
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners.
The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It was uploaded to the registry by a user named "hamburgerisland" in February 2024. The package has been downloaded
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper.
The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities.
Taking into account that nearly 10% of
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.
The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.
The two high-severity shortcomings
India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud
India's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days.
According to a report from Reuters, the app cannot be deleted or disabled from users' devices.
Sanchar Saathi, available on the web and via mobile apps for Android and iOS, allows users to report
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time.
Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report from Koi Security, attracting 300,000 installs. These extensions have since been taken down.
"These
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us.
One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and
Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges.
For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window through which a human user viewed and interacted with the internet.
That era is over. We are currently witnessing a shift that renders the old
Showing 41 to 60 of 588 entries
