Security Bulletin

Major UK multinational food and clothing retailer Marks & Spencer had its contactless payment and online click-and-collect services taken down following a recent cyberattack, Computer Weekly reports.

BleepingComputer reports that attacks involving a critical stack-based overflow zero-day vulnerability impacting Qualitia's web-based email client Active! mail, tracked as CVE-2025-42599, have been launched against major Japanese organizations.

Official XRP Ledger library infected to facilitate crypto theft Widely used XRP Ledger Foundation-maintained npm JavaScript library xrpl.js which Ripple recommended for the XRP blockchain has been compromised with malicious code enabling the...

Docker environments have been subjected to a novel cryptojacking malware campaign that facilitated cryptomining by establishing a link to the Web3 service teneo.pro, which allows social media data monetization, Infosecurity Magazine reports.

Enterprises face several challenges to secure access to AI models and chatbots. Cisco Secure Access extends the security perimeter to address these challenges.

Critics — which include the US embassy in Zambia — contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power.

The cybersecurity landscape confounded expectations in 2024, as anticipated threats and risk didn't materialize and less widely touted attack scenarios shot up.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

In the last week I ran into some issues that I hadn't anticipated:

Understanding how multiple AI models speak to each other and deciding which framework to use requires careful evaluation of both the business benefits of advanced AI orchestration and the cybersecurity implications of connecting automated services.