ZEST Security’s Cloud Risk Exposure Impact Report Reveals 62% of Incidents are Related to Risks Known to the Organization

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country. The incident took place on December 29,…

In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them….

Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant’s upcoming October 14, 2025, deadline, when it plans to officially end…

The Homeland Justice APT tried spying on countries and organizations from six continents, using more than 100 hijacked email accounts.

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. “An improper authentication control vulnerability exists in certain ASUS router firmware series,”