A 25-year-old former GCHQ intern has been sentenced to seven-and-a-half years’ imprisonment for illegally transferring classified national security data to his personal devices and possessing indecent images of children.
Hasaan Arshad, a computer science student from Rochdale, pleaded guilty to violations of the Computer...
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-click vulnerability in Apple's iOS to its Known Exploited Vulnerabilities (KEV) catalog, following evidence that the flaw has been actively exploited by sophisticated spyware campaigns targeting journalists across Europe.
CISA has designated CVE-2025-43200 as...
Apache Tomcat, the widely used open-source Java servlet container, disclosed four security vulnerabilities on June 16, 2025, including two high-severity denial-of-service (DoS) vulnerabilities and a moderate-risk authentication bypass issue.
The vulnerabilities affect all major Tomcat branches (versions 9.x, 10.x, and 11.x), potentially exposing millions...
A critical vulnerability in Langflow to deliver the Flodrix botnet malware. The vulnerability, tracked as CVE-2025-3248 with a CVSS score of 9.8, affects Langflow versions prior to 1.3.0 and allows unauthenticated remote code execution on vulnerable servers.
The vulnerability, tracked as CVE-2025-3248 with a...
A critical remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders.
GreyNoise Intelligence has observed a concentrated burst of exploitation attempts targeting CVE-2023-28771.
The security firm detected 244 unique IP addresses attempting to exploit the vulnerability over UDP port 500 on...
The Washington Post has confirmed that cybercriminals successfully infiltrated email accounts belonging to select journalists in what security experts are characterizing as a sophisticated targeted attack.
The breach, discovered last Thursday, prompted immediate security protocols and a comprehensive system-wide credential reset affecting all newspaper...