Security Bulletin

Hackread reports that cybersecurity firm CloudSEK has contested Oracle's categorical rejection of an alleged breach of its Oracle Cloud single sign-on endpoint that purportedly resulted in the compromise of six million records.

Nearly 43% of cloud environments could be compromised in unauthenticated remote code execution attacks stemming from the exploitation of five critical security flaws impacting the Ingress NGINX Controller for Kubernetes, collectively dubbed as...

Authorization potentially bypassed with critical Next.js bug Attacks leveraging a recently patched critical security flaw in open-source JavaScript framework Next.js, tracked as CVE-2025-29927, could facilitate middleware authorization evasion and...

MacOS and Linux systems have been targeted by the newest samples of the Albabat ransomware, also known as White Bat, which was initially reported to have targeted Windows systems upon its emergence in 2023 before targeting Linux in January 2024...

Raspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe.

Security experts worry the company's Chapter 11 status and aim to sell its assets could allow threat actors to exploit and misuse the genetic information it collected.

U.S.-based carriers blocked from using China-based services and equipment.

Exposing MFA’s weaknesses in an era of advanced threats.

Upgrading the organization's Windows 10 systems to Windows 11 could potentially introduce vulnerabilities into the environment through misconfigured hardware.

New agentic AI capabilities in Microsoft Security Copilot will allow agents to triage threats and provide recommendations.

The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more.