Covenant Health suffered a ransomware attack by the Qilin group in May 2025, compromising data of over 478,000 individuals.

The three Iranians had only just been added to the list in 2024, but a U.S. official said they had separated themselves from the company.

MediaTek's Dimensity 7100 debuts with a powerful 4+4 CPU layout and native 45W fast charging, targeting a smoother 5G experience for 2026 mid-range phones.

OpenAI is prepping "Gumdrop," an AI-integrated pen designed by Jony Ive. Launching in 2027, it promises zero-latency, "audio-first" companion intelligence.

Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks.

GreyNoise observed thousands of attacks targeting about a dozen Adobe ColdFusion vulnerabilities during the Christmas 2025 holiday.

France will probe AI-generated sexual deepfakes made with Grok after hundreds of women and teens reported “undressed” images shared online

Trump ordered the divestment of a $2.9M chip deal, citing U.S. national security risks if HieFo retained control of Emcore’s technology.

A new round of weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs in your email box

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

In light of the tragic events that occurred in Venezuela, what is happening to the Internet in the country, and how are users accessing it?

QNAP patches high-severity flaws (CVSS 8.1) in Qfiling and MARS that allow data theft and code injection. Secure your NAS by updating to the latest versions!

PrestaShop patches a 9.1 critical flaw (CVE-2025-61922) in the Checkout module. Attackers can hijack accounts via email. PoC available.

Koi Security unmasks DarkSpectre, a Chinese threat group that used 300+ browser extensions to spy on 8.8M users and steal corporate meeting data.

Eaton warns of critical 8.6 severity flaws in UPS Companion software (CVE-2025-59887 & 59888). Upgrade to v3.0 now to prevent hijacking!

Researcher Anurag uncovers a WordPress phishing campaign that steals credit cards and 3-D Secure OTPs, exfiltrating data directly via Telegram bots.

CYFIRMA unmasks APT36's latest campaign: a fake JLPT exam lure using fileless LNK malware to evade antivirus and spy on Indian government targets.

JD Cloud alerts users to CVE-2025-66848, a 9.8 critical flaw allowing remote attackers to bypass auth and gain root access on NAS routers.

Unit 42 unmasks VVS Stealer, a Python-based threat using Pyarmor obfuscation to bypass AV, hijack Discord sessions, and steal browser credentials.

Threat actor uses React2Shell to deploy Sliver C2 on FortiWeb devices, using a Bangladesh Airforce decoy to target govt and financial sectors.

CVE-2026-21440: A critical 9.2 flaw in AdonisJS file uploads allows attackers to overwrite system files and gain RCE. Update to v10.1.2 immediately!