Arch Linux users urged to delete Firefox browser packages after discovery of malware in the Arch User Repository.

Arch Linux users have been urged to delete several community-maintained Firefox-based browser packages following the discovery of malware in the Arch User Repository (AUR). Security researchers and Arch maintainers identified multiple packages that were distributing a Remote Access Trojan (RAT), prompting swift action to mitigate the threat.

France says it has arrested the administrator of XSS.is, one of the longest-running Russian cybercrime forums on the dark web.

French authorities have confirmed the arrest of a suspected administrator of XSS.is, one of the longest-running Russian-language cybercrime forums on the dark web. The arrest was carried out in Ukraine on July 22, 2025, through a coordinated international operation involving French law enforcement, Ukrainian authorities, and Europol.

CISA adds four known exploited vulnerabilities to the KEV catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four additional security vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, following evidence of active exploitation in the wild. The inclusion of these vulnerabilities underscores the urgent need for all organizations, particularly federal agencies, to assess exposure and apply necessary mitigations or patches.

New Coyote banking trojan becomes first known instance of a threat actor weaponizing Windows accessibility features.

A new strain of the banking trojan known as Coyote is making headlines for exploiting a little-watched but powerful feature within the Windows operating system. Cybersecurity researchers have discovered that this malware is leveraging Microsoft’s UI Automation (UIA) framework, a tool originally designed to assist users with disabilities, to covertly harvest sensitive information and user credentials.

UK sanctions Russian military units, the GRU, and 18 operatives for malicious cyber activity, espionage, and attempted assassinations.

The United Kingdom has announced a new round of sanctions targeting three units of Russia’s military intelligence agency, the GRU, along with 18 of their operatives, in response to a pattern of malicious cyber activity, espionage, and attempted assassinations directed at the UK, Ukraine, and other European allies.

Aruba Instant On Wi-Fi access points have hardcoded administrative credentials embedded in the device firmware.

Hewlett Packard Enterprise (HPE) has disclosed a critical vulnerability affecting its Aruba Instant On Wi-Fi access points, potentially exposing countless business and home networks to unauthorized access. The flaw, tracked as CVE-2025-37103, stems from hardcoded administrative credentials embedded in device firmware versions up to 3.2.0.1. If exploited, the issue allows attackers to bypass authentication and gain full access to the device’s management interface.

GLOBAL GROUP gains attention for use of AI chatbots to apply psychological pressure during ransomware negotiations.

A newly emerged ransomware-as-a-service (RaaS) operation, known as GLOBAL GROUP, is gaining attention in the cybersecurity community for its use of artificial intelligence to automate victim negotiations. The group’s deployment of AI chatbots represents a significant evolution in ransomware operations, increasing both scalability and psychological pressure on targeted organizations.