News
-
UK’s NCSC pilots Proactive Notifications to warn organisations of exposed devices
The UK’s National Cyber Security Centre has begun piloting Proactive Notifications, a Netcraft-delivered service that scans public internet data to warn organisations about exposed devices and recommend updates; it complements the NCSC’s Early Warning alerts but is not a replacement and has no announced end to the pilot phase.
-
U.S. to release six-part national cybersecurity strategy in January, sources say
Sources say the Trump administration plans to release a five-page, six-pillar national cybersecurity strategy in January, emphasizing deterrence, workforce, procurement, infrastructure and emerging technologies; an executive order and exact timing remain unconfirmed.
-
Cloudflare mitigates 29.7 Tbps DDoS attack linked to AISURU botnet
Cloudflare said it mitigated a 29.7 Tbps DDoS attack linked to the AISURU botnet; the UDP “carpet-bombing” assault lasted 69 seconds, the target was not disclosed, and the company flagged a rise in large, sophisticated attacks in 2025.
-
Leroy Merlin notifies French customers after data breach
Leroy Merlin has notified customers in France that personal data including names, contact details, postal addresses, dates of birth and loyalty information were exposed in a cyberattack; the company said banking data and passwords were not affected and that it has taken steps to contain the incident.
-
Freedom Mobile discloses breach after subcontractor account used to access customer data
Freedom Mobile said attackers used a subcontractor’s account to access its customer account management platform, exposing names, addresses, dates of birth, phone numbers and account numbers; the company detected the breach on October 23 and has not disclosed the number of affected customers.
-
Critical React Server Components flaw (React2shell) allows unauthenticated remote code execution; Next.js also affected
A critical deserialization flaw in React Server Components, tracked as CVE-2025-55182 and nicknamed React2shell, can allow unauthenticated remote code execution; related Next.js App Router releases are covered by CVE-2025-66478. Patches are available and vendors and security firms advise applying fixes and using WAFs or access restrictions.
-
Critical privilege-escalation flaw in King Addons plugin under active exploitation
A high-severity privilege-escalation vulnerability (CVE-2025-8489, CVSS 9.8) in the King Addons for Elementor WordPress plugin is being actively exploited; administrators should update to version 51.1.35, audit for suspicious admin users, and monitor for unusual activity.
-
Water Saci campaign in Brazil uses WhatsApp worm, HTA and Python to deliver banking trojan; RelayNFC Android malware also active
Researchers say the Water Saci group has adopted a layered HTA/PDF/WhatsApp Web worm and a Python-based propagation script to deliver an AutoIt-backed banking trojan in Brazil, while a separate RelayNFC Android threat targets contactless payments.
-
University of Phoenix discloses data breach after Oracle E-Business Suite exploit
The University of Phoenix disclosed a data breach after attackers exploited a zero-day flaw in Oracle E-Business Suite, saying personal and financial records for students, staff and suppliers were accessed; the parent company filed an 8-K and affected individuals will be notified by mail.
-
India orders messaging apps to require active SIM and periodic web re‑authentication
India’s telecom regulator has ordered messaging apps to bind accounts to an active SIM and force six‑hour web session logouts, citing risks from long‑lived sessions and cross‑border fraud; providers have 90 days to comply.
