A significant data breach at Dublin and Cork Airports has potentially exposed millions of passengers' travel information. The breach is linked to a third-party supplier, Collins Aerospace, and has raised concerns about the security of sensitive data in the aviation sector.

Microsoft has released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is currently under active exploitation. The flaw allows unauthorized attackers to execute code over a network, necessitating immediate patching for affected Windows Server versions.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

CISA has issued an urgent alert regarding a critical flaw in Motex Lanscope Endpoint Manager, tracked as CVE-2025-61932. This vulnerability, rated 9.8 on the CVSS scale, allows attackers to bypass authentication mechanisms, leading to potential unauthorized access and data compromise.

Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.

Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.

Hackers gained unauthorized access to the personal data of hundreds of racing drivers, including F1 champion Max Verstappen, due to a security flaw in the FIA's driver categorization portal. The FIA has since taken immediate steps to secure the data and reported the incident to data protection authorities.

Atlassian has disclosed a critical path traversal vulnerability in Jira Software Data Center and Server, allowing authenticated attackers to write files to any path accessible by the JVM. The flaw, tracked as CVE-2025-22167, affects versions from 9.12.0 through 11.0.1 and poses significant risks if unpatched.

Security flaws in Microsoft's Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the Azure Portal. Varonis discovered that attackers can bypass safeguards using invisible Unicode characters, leading to potential phishing attacks.

Over 250 attacks have been reported in just 24 hours targeting Adobe Commerce and Magento due to a critical flaw tracked as CVE-2025-54236. This vulnerability allows for customer account takeovers via the REST API, with only 38% of stores currently patched.

Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.

A critical path traversal vulnerability in Smithery.ai has exposed over 3,000 hosted AI servers and compromised thousands of API keys. The flaw, stemming from a configuration bug, allows attackers to access sensitive files and execute arbitrary code on the servers.

A serious vulnerability, dubbed TARmageddon (CVE-2025-62518), has been discovered in the async-tar Rust library and its forks, including tokio-tar. This critical flaw could allow attackers to execute arbitrary code through file overwriting attacks, posing significant risks to Rust-based applications.

As AI becomes integral to various sectors, the need for robust governance frameworks is critical. California's SB 53 is a pioneering step towards regulating AI, but organizations must proactively implement oversight and accountability measures to manage risks effectively.

During the second day of the Pwn2Own Ireland 2025 hacking competition, researchers exploited 56 unique zero-day vulnerabilities, earning $792,750 in cash. Notable exploits included a chain of five security flaws in the Samsung Galaxy S25 and multiple vulnerabilities in various NAS devices and printers.

A vulnerability tracked as CVE-2025-6515 in the Oat++ MCP implementation allows threat actors with HTTP server access to hijack AI agent sessions. This flaw can lead to accelerated session creation and destruction, enabling attackers to exploit session IDs for malicious purposes.

A phishing campaign is impersonating well-known brands like KFC, Red Bull, and Ferrari to compromise Facebook login details. Malicious emails lead targets to a fake job posting site where they are prompted to enter their credentials.

CISA has flagged a critical vulnerability in the Windows SMB client that is actively being exploited, allowing attackers to gain elevated privileges on affected systems. Organizations are urged to patch immediately to prevent potential compromises.

The latest version of Vidar Stealer, known as Vidar 2.0, employs advanced memory injection techniques to bypass browser encryption and steal login credentials. This update marks a significant evolution in its capabilities, allowing it to efficiently extract sensitive information from multiple browsers.

Amazon's recent AWS outage has highlighted significant vulnerabilities in the automotive manufacturing sector's reliance on cloud infrastructure. The incident, which lasted 15 hours, raised urgent questions about digital resilience and the potential economic impact on production systems that depend heavily on cloud services.