Chinese state-backed threat actors target Taiwan’s semiconductor sector with Colbalt Strike and custom backdoors.

Chinese state-backed threat actors target Taiwan’s semiconductor sector with Colbalt Strike and custom backdoors.

Recent months have seen a significant escalation in cyber espionage campaigns targeting Taiwan’s vital semiconductor industry, attributed to Chinese state-backed threat actors. These sophisticated operations, reported from March through June 2025 and potentially ongoing, are believed to be aimed at acquiring proprietary technology, disrupting business operations, and gathering sector intelligence. The uptick in attacks aligns with China’s strategic drive for semiconductor self-sufficiency amid increasingly restrictive export controls imposed by the United States and its allies.
A sophisticated cyberattack campaign is actively exploiting a vulnerability in the Apache HTTP Server to deploy a cryptocurrency mining malware known as “Linuxsys.”

A sophisticated cyberattack campaign is actively exploiting a vulnerability in the Apache HTTP Server to deploy a cryptocurrency mining malware known as “Linuxsys.”

A sophisticated cyberattack campaign is actively exploiting a vulnerability in the Apache HTTP Server to deploy a cryptocurrency mining malware known as “Linuxsys.” Leveraging the CVE-2021-41773 flaw, attackers are compromising servers and covertly mining cryptocurrency, highlighting the risks posed by unpatched open-source software.
OpenAI, Anthropic, Meta, and Google researchers issue a joint warning about the potential loss of a critical AI safety feature that could cause AI to hide its true intentions and deliberately deceive.

OpenAI, Anthropic, Meta, and Google researchers issue a joint warning about the potential loss of a critical AI safety feature that could cause AI to hide its true intentions and deliberately deceive.

A united front of over 40 researchers from the world’s leading artificial intelligence organizations—OpenAI, Anthropic, Meta, and Google DeepMind—has issued a rare joint statement addressing urgent risks in the future of AI safety. These experts, typically rivals in the AI arms race, have sounded the alarm over the potential loss of a critical safety feature: the ability to monitor AI systems' inner reasoning, or "chain-of-thought."
A cybersecurity researcher has discovered a significant security lapse involving sensitive adoption records.

A cybersecurity researcher has discovered a significant security lapse involving sensitive adoption records.

Cybersecurity researcher Jeremiah Fowler has discovered a significant security lapse involving sensitive adoption records. Fowler identified an unprotected, publicly accessible database belonging to a prominent U.S. adoption agency. The database, left online without password protection or encryption, presented a major privacy risk to thousands of individuals involved in adoption cases.
GhostContainer targets Microsoft Exchange servers of high-value targets across Asia.

GhostContainer targets Microsoft Exchange servers of high-value targets across Asia.

A newly identified threat, known as GhostContainer, has emerged as a significant cybersecurity risk, targeting Microsoft Exchange servers belonging to high-value organizations across Asia. Discovered by security researchers in mid-2025, GhostContainer demonstrates sophisticated techniques designed to evade detection, persist within victim environments, and facilitate long-term data compromise—raising serious concerns for governmental and high-tech sectors in the region.
Computer hacker holding up cash

Empirical Security secures $12 million in seed funding for the development of an AI-driven vulnerability management system.

Empirical Security, an emerging innovator in cybersecurity, has secured $12 million in seed funding to accelerate its development of artificial intelligence-driven vulnerability management solutions. The round was led by Costanoa Ventures, with additional support from DNX Ventures, Sixty Degree Capital, and a host of prominent industry figures—including the founder of Intrigue (acquired by Google/Mandiant), creators of the Verizon Data Breach Investigations Report, and former executives from Qualys and Google.
Oracle releases 309 patches for nearly 200 distinct vulnerabilities in July 2025 Critical Patch Update (CPU).

Oracle releases 309 patches for nearly 200 distinct vulnerabilities in July 2025 Critical Patch Update (CPU).

Oracle has issued its July 2025 Critical Patch Update (CPU) on time, providing important security improvements for customers globally and raising the issue of when disclosure might become a source of embarrassment. This latest quarterly update addresses nearly 200 distinct vulnerabilities, with a total of 309 individual security patches spanning an extensive array of Oracle products.