India has decided to roll back its mandate requiring citizens to install a cybersecurity app designed to enhance surveillance and security. The app, intended to monitor digital activities, faced backlash over privacy concerns, with citizens worried about excessive government monitoring and data collection. The government's initial push for this app was met with skepticism, drawing comparisons to Apple's controversial decision to distribute a U2 album to all iTunes users. By reversing this mandate, India acknowledges the public's apprehension regarding personal privacy and the implications of government surveillance. This situation underscores the delicate balance between national security and individual privacy rights, a conversation that continues to evolve in the digital age.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.
A new zero-click attack has been identified that targets the Perplexity Comet browser, allowing malicious emails to delete all contents of a user's Google Drive. This technique exploits the automation capabilities of the browser when connected to Gmail and Google Drive, posing a significant risk to users' data security.
The FBI has issued a warning regarding virtual kidnapping scams where criminals manipulate social media images to create fake proof of life photos. This alarming tactic is used to extort money from victims' families, highlighting the need for increased awareness and caution regarding online content.
The Hacker News
CVE-2025-66516A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.
The article highlights that manufacturers are increasingly becoming prime targets for cyberattacks in 2025 due to significant cybersecurity gaps and a shortage of expertise in the sector. This growing threat landscape poses serious risks to operational integrity and data security within manufacturing environments.
A critical vulnerability in the React JavaScript library is currently being targeted by threat actors linked to China, highlighting the urgency for developers to implement patches. The situation underscores the importance of immediate action to secure applications using this library from potential exploitation.
The article discusses a critical vulnerability in React that has been exploited by various threat actors, leading to a significant outage at Cloudflare as they implemented mitigations against the React2Shell exploit. This incident highlights the ongoing risks associated with vulnerabilities in widely used frameworks and the need for timely responses to emerging threats.
BleepingComputer
The European Commission has imposed a €120 million ($140 million) fine on X for failing to meet transparency obligations under the Digital Services Act (DSA). This penalty highlights the regulatory scrutiny on tech companies regarding their compliance with digital transparency standards, emphasizing the importance of accountability in online platforms.
Infosecurity Magazine
CrowdStrike has issued a warning about Warp Panda, a cyber-espionage group linked to China, which is actively targeting North American organizations to steal sensitive data. This campaign aims to advance Beijing's strategic interests, highlighting the ongoing threat posed by state-sponsored cyber activities.
US organizations are being warned about the presence of Chinese malware, specifically BrickStorm, Junction, and GuestConduit, which are being used by the group Warp Panda for long-term persistence in attacks. This poses a significant cybersecurity threat as these malware types can enable attackers to maintain access to compromised systems over extended periods.
BleepingComputer
Cloudflare has reported an outage due to the emergency patching of a critical React remote code execution vulnerability that is currently being exploited in attacks. This incident highlights the urgency and severity of addressing such vulnerabilities to maintain security and service continuity.
BleepingComputer
Inotiv, an American pharmaceutical company, has reported a data breach following a ransomware attack that occurred in August 2025, compromising the personal information of thousands of individuals. This incident highlights the ongoing risks associated with ransomware attacks and the importance of data protection in the pharmaceutical sector.
Infosecurity Magazine
The Louvre Museum is enhancing its safety and security systems following a significant burglary incident in October. This initiative involves a public tender worth €57 million, indicating the museum's commitment to improving its protection against potential threats.
The article discusses a record-breaking DDoS attack powered by the Aisuru botnet, which peaked at 29 Tbps. Cloudflare successfully mitigated this attack, highlighting the growing severity of DDoS threats and the need for robust cybersecurity measures.