CISA issues a 9.8 severity alert for WHILL wheelchairs! CVE-2025-14346 lets attackers hijack controls via Bluetooth. Update your firmware now.

Kaspersky unmasks HoneyMyte's 2025 campaign, using the ProjectConfiguration.sys kernel rootkit to deploy ToneShell backdoors with elite stealth.

Apache NuttX patches a moderate Use After Free (CVE-2025-48769) and a DoS flaw in its filesystem. Network-exposed devices must upgrade to v12.11.0.

RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers.

Trust Wallet linked a second Shai-Hulud supply-chain attack to its Chrome extension hack, which resulted in the theft of about $8.5M in crypto

Cardano users alert: A fake "Eternl Desktop" app uses LogMeIn Resolve to grant hackers remote control. Verify all downloads via official channels!

RustFS patches a critical 9.8 CVSS flaw (CVE-2025-68926) where a hardcoded gRPC token allows unauthenticated attackers to wipe storage data.

GNU Wget2 flaws (CVE-2025-69194 & 69195) allow attackers to overwrite files and crash systems via malicious downloads. Update your tools immediately!

Wall Street braces for a $3 trillion spectacle in 2026 as SpaceX, OpenAI, and Anthropic reportedly prepare for the largest IPO wave in tech history.

Facing a severe sales chill, Apple has slashed Vision Pro production and shifted focus to a cheaper model. Is the spatial computing dream in danger?

Samsung is ditching chip-stacking for a Side-by-Side layout to end Exynos overheating. Will this radical 2nm design finally kill the "Exynos Curse"?

China cybersecurity law takes effect in 2026, enforcing one-hour incident reporting, tougher penalties, AI governance rules, and compliance risks.

A new cyberattack disrupted La Poste and La Banque Postale online services. Denial-of-service attacks by NoName057 temporarily blocked access.

The Cyber Express rounds up the cybersecurity stories for this week, including, China’s new cybersecurity law, TikTok disinformation and more.

Researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails posing as legitimate Google messages.

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The…

Covenant Health suffered a ransomware attack by the Qilin group in May 2025, compromising data of over 478,000 individuals.

The three Iranians had only just been added to the list in 2024, but a U.S. official said they had separated themselves from the company.

MediaTek's Dimensity 7100 debuts with a powerful 4+4 CPU layout and native 45W fast charging, targeting a smoother 5G experience for 2026 mid-range phones.

OpenAI is prepping "Gumdrop," an AI-integrated pen designed by Jony Ive. Launching in 2027, it promises zero-latency, "audio-first" companion intelligence.

Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks.