The U.S. government has issued urgent warnings for iPhone and Android users to update their devices immediately due to active attacks exploiting multiple vulnerabilities, including WebKit and Chromium flaws, driven by commercial spyware. Deadlines for federal agencies to update are set between December 23 and January 5, emphasizing the critical need for all users to apply updates to prevent exploitation.
Executions in the U.S. nearly doubled in 2025, with Florida conducting a record number of executions, driven by political support and federal policies, despite declining public support for the death penalty overall.
A researcher exploited vulnerabilities in Kindle e-readers to hijack Amazon accounts via malicious ebooks, highlighting security risks associated with side-loading books from third-party sources. Amazon has fixed these critical flaws following disclosure, emphasizing the importance of device security and cautious downloading practices.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a mandatory update warning for Android devices due to two critical vulnerabilities that could allow remote denial of service attacks. Google and Samsung have confirmed fixes, with a deadline of December 23 for federal users and a recommended update for all others. The vulnerabilities, particularly affecting Samsung devices, involve remote memory access issues, emphasizing the need for timely updates to mitigate risks.
Google's December 2025 Android Security Bulletin reveals numerous severe vulnerabilities affecting Android 13 and later, including critical flaws in the Android Framework and system level, which will be addressed in device-specific updates starting December 5, 2025. Users are advised to update their devices to stay protected.
Microsoft's November 2025 Patch Tuesday addresses 63 vulnerabilities across its ecosystem, including one zero-day actively exploited in the wild, emphasizing the urgent need for immediate patch deployment to mitigate risks from critical flaws in Windows, Office, Azure, and other products.
Apple released iOS 26.1 and iPadOS 26.1, which include about 50 security updates addressing various vulnerabilities such as privilege escalation, privacy issues, and system stability bugs. Users are encouraged to update their devices to enhance security and fix critical bugs.
AI browsers like ChatGPT Atlas and Edge's Copilot Mode are transforming web navigation but pose significant cybersecurity risks, including vulnerabilities that could lead to data leaks, malicious code injection, and malware deployment, as researchers warn that these issues are just beginning to surface.
The U.S. CISA added five security flaws to its KEV catalog, including a weaponized Oracle E-Business Suite vulnerability (CVE-2025-61884) and other critical bugs in Microsoft, Kentico, and Apple, with some actively exploited in the wild. Agencies must remediate these vulnerabilities by November 10, 2025.
Over 266,000 F5 BIG-IP instances are exposed online following a breach where hackers stole source code and vulnerabilities, prompting F5 to release patches for 44 flaws and urging immediate updates. The attack, linked privately to China, involved sophisticated malware and targeted government and corporate networks, with U.S. authorities mandating urgent security measures for federal agencies.
A nation-state threat actor compromised F5's networks, stealing source code and undisclosed vulnerabilities, which could enable future exploits. F5 has identified several critical vulnerabilities and recommends immediate patching and security measures to mitigate potential risks. The attack highlights the importance of robust cybersecurity practices for organizations using F5 products.
Originally Published 2 months ago — by CISA (.gov)
CISA has issued an emergency directive requiring federal agencies to inventory, update, and disconnect vulnerable F5 BIG-IP devices due to a nation-state cyber threat that compromised F5's source code and could enable exploitation, data exfiltration, and network compromise.
AI has been used to design toxic proteins, revealing biosecurity vulnerabilities that require ongoing vigilance to prevent potential threats, despite recent efforts to patch some weaknesses.
CISA has revealed that threat actors exploited two vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) to deploy malware, with evidence suggesting a China-linked espionage group was involved. The malware was delivered via segmented HTTP requests, allowing attackers to execute remote commands, exfiltrate data, and establish persistence. Ivanti addressed the vulnerabilities in May, but attacks had already occurred, prompting recommendations for immediate patching and heightened security measures.
A new study warns that AI agents, which perform tasks on computers, can be manipulated through specially altered images like wallpapers or social media posts, potentially allowing hackers to control or damage devices. While no real-world attacks have been reported yet, the research highlights the importance of developing safeguards as AI technology becomes more widespread, especially for open-source models that are more vulnerable to such manipulations.
