A serious security vulnerability has recently been uncovered in the underlying technology powering most of the world’s web browsers, placing over four billion devices at risk of a data leak. The flaw was discovered by autonomous security specialist AISLE, which rated the issue as Medium severity (4.3). Despite its rating, the scale of exposure was enormous, as it affected all major browsers built on the Chromium code base—including Google Chrome, Microsoft Edge, Brave, and Opera.

A severe security flaw in the King Addons for Elementor WordPress plugin has come under active exploitation, putting thousands of websites at risk.

The regulatory landscape is evolving faster and becoming more complex, with new requirements covering more domains. On average, the financial industry spends $181B on compliance each year. Learn how to transform regulatory compliance from a check-the-box exercise to an innovation enabler in this ebook from RegTech Analyst and AuditBoard.

A new Android malware family called Albiriox is being sold under a malware-as-a-service model, offering extensive capabilities for on-device fraud, real-time device control, and screen manipulation. It targets more than 400 financial and cryptocurrency apps and spreads through dropper apps delivered via social engineering and obfuscation techniques.

OpenAI has disclosed a data breach stemming from Mixpanel, a third-party analytics provider used to track API dashboard activity. The incident did not involve unauthorized access to OpenAI’s own systems; instead, an attacker compromised Mixpanel and exported metadata linked to API users. No passwords, API keys, chat data, or payment information were exposed.

Cybersecurity researchers have uncovered vulnerable code embedded in several legacy Python packages, raising concerns about potential supply chain attacks against the Python Package Index (PyPI). The issue stems from a domain takeover risk linked to outdated bootstrap scripts used by the build automation tool zc.buildout. According to ReversingLabs, these scripts still reference a long-abandoned domain, python-distribute[.]org, which is now available for purchase.

A nationwide cyberattack has compromised the OnSolve CodeRED emergency notification system, prompting cities and counties across the United States to warn residents and advise password changes. CodeRED, widely used by local governments, delivers urgent alerts during severe weather, evacuations, missing persons, and other emergencies.