A significant data breach at Dublin and Cork Airports has potentially exposed millions of passengers' travel information. The breach is linked to a third-party supplier, Collins Aerospace, and has raised concerns about the security of sensitive data in the aviation sector.

The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

OpenAI's new AI web browser, ChatGPT Atlas, has been found to be vulnerable to clipboard injection attacks. This vulnerability could allow malicious actors to manipulate the user's clipboard, potentially leading to security breaches.

Microsoft has released an emergency security patch for a critical vulnerability in Windows Server Update Services (WSUS) that is being actively exploited. The vulnerability, tracked as CVE-2025-59287, allows remote code execution and carries a severity score of 9.8 out of 10.

Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.

The UK government has introduced new anti-ransomware guidance aimed at addressing supply chain vulnerabilities that have led to significant cyber incidents. Developed in collaboration with Singapore, the guidance outlines practical steps for organizations to enhance their supply chain security and prevent exploitation by cyber criminals.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.

Toys “R” Us Canada has confirmed a data breach where customer records were leaked by threat actors. The company is notifying affected customers and has upgraded its security measures following the incident.

Mimecast's latest report reveals a staggering 500% increase in AI-driven phishing and ClickFix schemes as cybercriminals exploit trusted services to bypass email security. The report highlights that phishing now accounts for 77% of all attacks, marking a significant evolution in attacker behavior.

Hackers gained unauthorized access to the personal data of hundreds of racing drivers, including F1 champion Max Verstappen, due to a security flaw in the FIA's driver categorization portal. The FIA has since taken immediate steps to secure the data and reported the incident to data protection authorities.

Security flaws in Microsoft's Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the Azure Portal. Varonis discovered that attackers can bypass safeguards using invisible Unicode characters, leading to potential phishing attacks.

Cybersecurity experts have raised concerns about OpenAI's new browser, ChatGPT Atlas, which may be susceptible to attacks that could compromise user data. The browser's features, including 'browser memories' and 'agent mode,' could potentially be exploited through prompt injection attacks, leading to unauthorized access to sensitive information.

A critical path traversal vulnerability in Smithery.ai has exposed over 3,000 hosted AI servers and compromised thousands of API keys. The flaw, stemming from a configuration bug, allows attackers to access sensitive files and execute arbitrary code on the servers.

A serious vulnerability, dubbed TARmageddon (CVE-2025-62518), has been discovered in the async-tar Rust library and its forks, including tokio-tar. This critical flaw could allow attackers to execute arbitrary code through file overwriting attacks, posing significant risks to Rust-based applications.

During the second day of the Pwn2Own Ireland 2025 hacking competition, researchers exploited 56 unique zero-day vulnerabilities, earning $792,750 in cash. Notable exploits included a chain of five security flaws in the Samsung Galaxy S25 and multiple vulnerabilities in various NAS devices and printers.

A vulnerability tracked as CVE-2025-6515 in the Oat++ MCP implementation allows threat actors with HTTP server access to hijack AI agent sessions. This flaw can lead to accelerated session creation and destruction, enabling attackers to exploit session IDs for malicious purposes.

Cybercriminals are exploiting Microsoft 365's Direct Send feature to bypass security filters and conduct phishing campaigns. This legitimate feature, designed for enterprise convenience, has become a vector for business email compromise attacks, prompting security researchers to raise alarms.

Cybercriminals are evolving their email phishing tactics, utilizing legacy methods combined with advanced techniques to evade security measures. New strategies include the use of QR codes, password-protected attachments, and multi-stage verification chains to compromise victims.

A newly uncovered attack campaign, dubbed Jingle Thief, is targeting global retailers' gift card systems using phishing and smishing techniques. The attackers, believed to be based in Morocco, operate entirely in cloud environments without deploying traditional malware.

Researchers at Koi Security have identified a new cyber threat named GlassWorm that spreads through infected Visual Studio Code extensions. Utilizing invisible Unicode characters, this worm evades detection and employs the Solana blockchain for command-and-control operations.