Cybersecurity News Bytes

Summary: Threat actors have been exploiting a recently disclosed vulnerability, CVE-2025-21042, to deliver advanced malware hidden in image files targeted at users in the Middle East. This campaign demonstrates a…

PROMPTFLUX: Malware Uses Advanced AI to Mutate Code Hourly Google security researchers have identified a novel malware campaign dubbed PROMPTFLUX, which leverages Gemini-based generative AI to rewrite and obfuscate its…

Rogue Ransomware Negotiators Charged in Major Crackdown Recent law enforcement action resulted in the charges brought against several rogue ransomware negotiators who allegedly acted on behalf of cybercrime victims but…

Hackers Exploit Unpatched Rounding Bug to Drain Balancer Again In early November 2025, Balancer, a popular decentralized finance (DeFi) protocol, suffered another significant loss after threat actors exploited a subtle…

A sophisticated cyberattack has recently targeted the Congressional Budget Office (CBO), resulting in potential exposure of sensitive government data. The breach raises critical concerns regarding vulnerabilities in federal digital infrastructure,…

Washington Post Data Breach Tied to Oracle Vulnerabilities The Washington Post has publicly confirmed that it was among multiple high-profile victims of a hacking campaign exploiting vulnerabilities in Oracle's suite…

CVE-2025-12058: Arbitrary File Loading and SSRF Exploitation Threat A new vulnerability, CVE-2025-12058, has surfaced, allowing attackers to perform arbitrary file loading and Server Side Request Forgery (SSRF) attacks. The flaw…

Congressional Budget Office Hacked: National Policy Implications and Technical Analysis The Congressional Budget Office (CBO) experienced a significant cyber breach, reportedly carried out by a foreign threat actor. This attack…

A critical vulnerability (CVE-2025-12058) affecting widely used web platforms enables attackers to load arbitrary files and conduct Server-Side Request Forgery (SSRF) attacks, posing significant risks to exposed organizations. The exploitation…

Critical Out-of-Bounds Write Vulnerability in WebGPU (CVE-2025-12725) Enables Remote Code Execution A newly disclosed out-of-bounds write flaw in WebGPU, tracked as CVE-2025-12725, allows remote attackers to execute arbitrary code on…