Cyber Security Badge

CyberNetSec.io

Daily Cybersecurity Threat Briefings

Home Publications

Security Advisories & Threat Intelligence

Real-time cybersecurity alerts, vulnerability advisories, and threat analysis

Filter by Category

Showing 1 - 10 of 136 articles
1 / 14
Per page:

Google Issues Emergency Patch for Critical Chrome RCE Flaw Found by AI

CRITICAL

Google Patches Critical Remote Code Execution Vulnerability (CVE-2025-12036) in Chrome's V8 Engine

Google has released an emergency security update for the Chrome browser, addressing a critical remote code execution (RCE) vulnerability in its V8 JavaScript engine. The flaw, tracked as CVE-2025-12036, was discovered by Google's internal AI-driven research project, 'Big Sleep.' Successful exploitation could allow an attacker to execute arbitrary code on a user's system by tricking them into visiting a malicious website. The patch has been rolled out for Windows, macOS, and Linux users, who are urged to update their browsers immediately to mitigate the high-severity threat.

Oct 25, 2025
4 min read
Vulnerability
Patch Management
Google ChromeV8RCECVE-2025-12036Vulnerability +2 more
Google Issues Emergency Patch for Critical Chrome RCE Flaw Found by AI

Nation-State and Financial Cybercrime Blur as Industrial Sector Becomes Top Target

HIGH

Trellix Report: Nation-State Espionage and Financial Cybercrime Converge, with Industrial Sector as Primary Target

A new report from Trellix reveals a significant convergence between the tactics of nation-state actors and financially motivated cybercriminals, with both increasingly leveraging AI-powered tools. The industrial sector has emerged as the most targeted industry, accounting for over 36% of attacks analyzed between April and September 2025. The research highlights the dominance of PowerShell as a key attack tool, used in nearly 78% of ransomware campaigns. The United States remains the most targeted nation, and the ransomware landscape is highly fragmented, with the top five groups accounting for less than 40% of all incidents.

Oct 25, 2025
5 min read
Threat Intelligence
Threat Actor
Industrial Control Systems
Threat IntelligenceTrellixAPTCybercrimeIndustrial Sector +2 more
Nation-State and Financial Cybercrime Blur as Industrial Sector Becomes Top Target

India Enacts New Telecom Cybersecurity Rules for IMEI and Mobile Number Validation

INFORMATIONAL

India Implements Telecommunications (Telecom Cyber Security) Amendment Rules, 2025

India's Ministry of Communications has enacted new cybersecurity regulations for its telecommunications sector, effective October 22, 2025. The 'Telecommunications (Telecom Cyber Security) Amendment Rules, 2025' introduce two key measures: the establishment of a centralized Mobile Number Validation (MNV) platform to secure digital communications, and stricter controls on International Mobile Equipment Identity (IMEI) numbers. The new IMEI rules prohibit the assignment of already-used IMEIs to new devices and mandate that sellers and buyers of used devices verify the IMEI against a national database to combat theft and tampering.

Oct 25, 2025
4 min read
Regulatory
Policy and Compliance
Mobile Security
IndiaRegulationPolicyCybersecurityIMEI +1 more
India Enacts New Telecom Cybersecurity Rules for IMEI and Mobile Number Validation

UN Convention Against Cybercrime Signed in Hanoi Amid Global Endorsement and Controversy

INFORMATIONAL

Nearly 100 Nations Sign UN Convention against Cybercrime in Hanoi

In a landmark event in Hanoi, Vietnam, representatives from nearly 100 UN member states have signed the United Nations Convention against Cybercrime. Adopted by the UN General Assembly in December 2024, this treaty, also known as the Hanoi Convention, establishes the first global legal framework for international cooperation in combating a wide array of online crimes, including fraud, child exploitation, and money laundering. While hailed as a milestone by the UN Secretary-General, the event drew criticism from rights groups over the choice of Vietnam as the host, and a major tech industry group, the Cybersecurity Tech Accord, declined to attend.

Oct 25, 2025
4 min read
Policy and Compliance
Regulatory
United NationsCybercrimePolicyLawInternational Cooperation +1 more
UN Convention Against Cybercrime Signed in Hanoi Amid Global Endorsement and Controversy

EU Accuses Meta and TikTok of Breaching Digital Services Act Transparency Rules

INFORMATIONAL

European Commission Finds Meta and TikTok in Preliminary Breach of Digital Services Act (DSA)

The European Commission has issued preliminary findings that Meta's platforms (Facebook and Instagram) and TikTok have breached their obligations under the Digital Services Act (DSA). The Commission alleges the companies failed to provide adequate access to public data for researchers, hindering independent scrutiny of their platforms. Furthermore, Meta is accused of using 'dark patterns' and creating a burdensome process for users to report illegal content. These are initial findings, and both companies will have the opportunity to respond and propose remedies before any final decision or penalties are imposed.

Oct 25, 2025
4 min read
Regulatory
Policy and Compliance
EUDigital Services ActDSAMetaTikTok +3 more
EU Accuses Meta and TikTok of Breaching Digital Services Act Transparency Rules

Ransomware Attacks on Critical Industries Skyrocket by 34%, KELA Reports

HIGH

KELA Report Finds Ransomware Attacks on Critical Infrastructure Surged 34% in 2025, with U.S. as Top Target

A new report from cyber intelligence firm KELA reveals a staggering 34% year-over-year increase in ransomware attacks targeting critical industries between January and September 2025. These vital sectors, including manufacturing, healthcare, and energy, accounted for half of all 4,701 recorded global incidents. The United States was the most heavily targeted nation. The report also highlights the consolidation of the ransomware ecosystem, with just five groups—Qilin, Clop, Akira, Play, and SafePay—responsible for nearly a quarter of all attacks.

Updated: Oct 25, 2025
5 min read
Ransomware
Threat Intelligence
Cyberattack
RansomwareKELACriticalInfrastructureQilinClop +2 more
Ransomware Attacks on Critical Industries Skyrocket by 34%, KELA Reports

Patch Now: Microsoft Fixes 170+ Flaws, Including Four Actively Exploited Zero-Days

CRITICAL

Microsoft's October 2025 Patch Tuesday Addresses Over 170 Vulnerabilities, Including Four Zero-Days Under Active Exploitation

Microsoft has released its October 2025 Patch Tuesday update, a massive release fixing over 170 security vulnerabilities across its product ecosystem. The update is critical for all users, as it contains patches for four zero-day vulnerabilities that are being actively exploited in the wild. Two of these flaws, CVE-2025-24990 and CVE-2025-59230, allow for local privilege escalation to Administrator or SYSTEM rights. CISA has added the exploited vulnerabilities to its KEV catalog, mandating urgent patching for federal agencies.

Updated: Oct 25, 2025
5 min read
Patch Management
Vulnerability
Patch TuesdayMicrosoftZero-DayVulnerabilityCVE-2025-24990 +5 more
Patch Now: Microsoft Fixes 170+ Flaws, Including Four Actively Exploited Zero-Days

UK Gov & NCSC Issue Urgent Warning to FTSE 350 Boards on Cyber Resilience

INFORMATIONAL

NCSC and UK Government Urge FTSE 350 to Make Cyber Resilience a Board-Level Priority Amid 50% Rise in Major Incidents

The UK's National Cyber Security Centre (NCSC) and government ministers have sent a formal letter to the leaders of all FTSE 350 companies, demanding that cyber resilience be treated as a top board-level priority. The call to action follows the NCSC's latest annual review, which revealed a 50% increase in significant cyber incidents. The letter outlines three practical steps: adopt the government's Cyber Governance Code, enroll in the NCSC's Early Warning service, and mandate Cyber Essentials certification throughout supply chains.

Updated: Oct 24, 2025
5 min read
Policy and Compliance
Regulatory
Security Operations
NCSCUKcyber resiliencegovernanceboard responsibility +2 more
UK Gov & NCSC Issue Urgent Warning to FTSE 350 Boards on Cyber Resilience

Google Patches 6th Actively Exploited Chrome Zero-Day of 2025

CRITICAL

Google Patches Actively Exploited Chrome V8 Zero-Day (CVE-2025-10585)

Google has issued an emergency security update for its Chrome web browser to address CVE-2025-10585, a high-severity type confusion vulnerability in the V8 JavaScript engine. This marks the sixth time in 2025 that Google has patched a Chrome zero-day vulnerability that was being actively exploited in the wild. The flaw could allow an attacker to achieve arbitrary code execution on a victim's machine by tricking them into visiting a malicious website. All users of Chrome and other Chromium-based browsers are urged to update immediately.

Oct 24, 2025
5 min read
Vulnerability
Patch Management
ChromeZero-DayV8 EngineRCEBrowser Security +1 more
Google Patches 6th Actively Exploited Chrome Zero-Day of 2025

Agenda Ransomware Evolves, Hits Critical Infrastructure

HIGH

Agenda (Qilin) Ransomware Abuses Legitimate Tools in Attacks on Critical Infrastructure

The Agenda ransomware group, also known as Qilin, is escalating its attacks by targeting critical infrastructure sectors with evolved tactics. According to research from Trend Micro, the ransomware-as-a-service (RaaS) operation is using a cross-platform approach, abusing legitimate remote management tools and deploying Linux-based ransomware on Windows hosts to evade security. The group also employs Bring Your Own Vulnerable Driver (BYOVD) attacks to neutralize endpoint defenses and steals backup credentials to hinder recovery, primarily targeting high-value organizations in the U.S., Canada, and the U.K.

Oct 24, 2025
5 min read
Ransomware
Threat Actor
Industrial Control Systems
Agenda RansomwareQilinRaaSBYOVDCritical Infrastructure
Agenda Ransomware Evolves, Hits Critical Infrastructure
Showing 1 - 10 of 136 articles
1 / 14