Risk
-
NIST proposes AI security overlays built on SP 800-53, invites public feedback
NIST published a concept paper proposing a framework of AI security overlays built on SP 800-53 and opened a public call for input, detailing use cases like generative, predictive, and agentic AI while inviting feedback through COSAIS channels.
-
Colt Technology Services says cyber incident disrupted customer portal and Voice API; no evidence of data breach reported
Colt Technology Services disclosed a cyber incident that disrupted its customer portal and internal systems, with no confirmed evidence of data breach. The company has engaged cyber experts and is restoring services, while updating customers via its status page. Separately, a ransomware group claimed to have stolen Colt documents, a claim awaiting verification.
-
Norway says pro-Russian hackers sabotaged Bremanger dam to demonstrate capabilities
Norwegian authorities accuse pro-Russian hackers of taking control of Bremanger dam’s operations and opening outflow valves in what officials describe as a demonstration of Moscow’s ability to disrupt critical infrastructure, prompting warnings about hybrid threats.
-
Unicode homoglyph phishing campaign uses Japanese character to spoof Booking.com, delivering MSI malware
Security researchers warn of a phishing campaign that uses the Japanese character ん to visually imitate Booking.com in order to redirect users to a lookalike domain and deliver MSI malware; a separate Lntuit/Intuit-themed campaign is also observed, underscoring the evolving use of homoglyphs in brand impersonation and malware delivery.
-
Canada’s House of Commons Investigates Data Breach Tied to Reported Microsoft Vulnerability Exploitation
Canada’s House of Commons is investigating a data breach after a cyberattack reportedly exposed employee information. The Cyber Centre is assisting, and authorities caution that attribution remains complex. The incident comes as Canada and other nations grapple with recently disclosed Microsoft vulnerabilities, including CVE-2025-53770 (ToolShell) and CVE-2025-53786, which have seen active exploitation by various threat…
-
PhantomCard Android Trojan Uses NFC Relay to Enable Fraudulent Banking Transactions in Brazil
Authorities warn of PhantomCard, a new Android trojan that uses NFC relay technology to siphon card data and complete fraudulent banking transactions in Brazil. Distributed via fake card-protection apps on phishing pages, the threat is linked to a broader ecosystem of NFC fraud tools and a network of threat actors, underscoring rising global risk to…
-
Italy hotel data breach: AGID confirms theft claims affecting up to 10 establishments, investigation opened
Italy’s digital agency AGID says claims by a cybercriminal about data thefts targeting hotel booking systems are credible, with ten hotels affected and thousands of guest identity documents potentially stolen. The case prompted a formal investigation by the national data protection authority, which also warned of scams targeting victims.
-
CISA Adds Two N-able N-central Vulnerabilities to KEV; MSP Patch Push Underway
U.S. authorities added two vulnerabilities in N-able N-central to the Known Exploited Vulnerabilities catalog, while noting no public exploitation has been reported. The flaws—CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection)—require authentication and have been patched in N-central versions 2025.3.1 and 2024.6 HF2, with upgrades urged for on-premises deployments.
-
Croatian Research Institute Confirms Ransomware Attack via ToolShell Vulnerabilities
The Ruđer Bošković Institute in Croatia confirmed it was among thousands of institutions hit by ransomware exploiting SharePoint ToolShell vulnerabilities, reporting encryption of administrative data, a pledge not to pay the ransom, and ongoing forensic investigations.
-
Zoom and Xerox patch critical Windows and FreeFlow Core flaws that could enable privilege escalation and remote code execution
Zoom and Xerox released patches for critical vulnerabilities in Zoom Clients for Windows and FreeFlow Core, including a high-severity privilege-escalation flaw (CVE-2025-49457) in Windows Zoom clients and two severe flaws in FreeFlow Core (CVE-2025-8355 and CVE-2025-8356) that could enable remote code execution, prompting enterprise patches and risk-mitigation guidance.










