The U.S. for years has struggled to provide rapid cybersecurity support to international allies before, during and after cyberattacks. The Biden administration created a cyber aid program that includes a rapid-response fund, but upgrading the entire foreign-aid bureaucracy to match the speed of cyber incidents has been a challenge. The Trump administration’s pause in foreign assistance, which affected multiple […]
A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented as CVE-2025-43714, affects the ChatGPT system through March 30, 2025. Security researchers identified that instead […]
A new wave of cyber attacks against British companies is a “critical national security threat”, an analyst has told Sky News. It follows the exposure of a previously unknown vulnerability in software used by hundreds of companies. But unlike the recent attacks against M&S, Co-op and Harrods, the latest incident was not ransomware but rather […]
The Spanish government is gathering information on the cybersecurity measures of the country’s small electricity generating companies to assess whether malicious actors exploited them to take down the country’s electricity grid, according to Financial Times. The Spanish government has yet to determine the specific causes of the blackout that left the country without power for […]
A moderate-severity vulnerability in VMware Tools could allow attackers with limited privileges to manipulate files and trigger insecure operations within virtual machines. The vulnerability, tracked as CVE-2025-22247, affects both Windows and Linux versions of VMware Tools 11.x.x and 12.x.x, with macOS versions confirmed to be unaffected. Since there are currently no workarounds and exploitation might compromise the […]
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. “LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker,” the Google Threat Intelligence Group (GTIG) said. The […]
The recent wave of cyber-attacks on UK retailers should serve as a “wake-up call” for businesses across the country, a senior government minister has warned. Chancellor of the Duchy of Lancaster Pat McFadden said that the recent incidents impacting household names like Marks & Spencer (M&S), the Co-op and Harrods, demonstrated that cybersecurity is not a luxury but an […]
The senior information security executive at JPMorgan Chase is urging the software industry to prioritize secure development practices over speed to market, warning that increasing supply-chain disruptions are weakening the global economic system. Patrick Opet, global CISO at JPMorgan Chase, warned in an open letter on Friday that global companies are dependent on interconnected technologies and warned […]
It’s now been more than a week of chaos for Marks and Spencer (M&S), one of the UK’s biggest brands, following what – it is now obvious – is a significant cyber attack. It has cost it millions of pounds in lost sales and a lower share price. M&S has not said what or who […]
COMMENTARY: Over the past year, cyber operations by foreign adversaries, including the People’s Republic of China (PRC), have moved away from traditional espionage and data theft to developing strategic plans that could infiltrate and cripple critical U.S. infrastructure. Moreover, the strategic exploitation of vulnerabilities by foreign adversaries at critical U.S. infrastructure locations could be remotely […]