SC Staff

CyberScoop reports that the U.S. Court of Appeals for the Ninth Circuit has reversed the dismissal of a case filed by journalists from El Salvador-based independent news outlet El Faro against major spyware firm NSO Group, ruling that previous California court action involved discretionary abuse.

Sixty-one percent of local election officials expressed concern about the Cybersecurity and Infrastructure Security Agency's election security service reductions, according to StateScoop.

Many large language models continue to lack vulnerability research and exploitation capabilities, with 48% and 55% of models failing the first and second VR tasks, respectively, while 66% and 93% failed the first and second exploit development tests, respectively, Infosecurity Magazine reports.

Despite a year-over-year and quarter-over-quarter increase in active ransomware operations, organizations claimed to have been compromised by ransomware gangs have dropped by 22.9% between the first and second quarter of 2025, reports CRN.

Schneider Electric's EcoStruxure IT Data Center Expert software for data center equipment has been affected by six significant security flaws, which could be exploited to facilitate information leaks and remote access in critical infrastructure, according to GBHackers News.

BleepingComputer reports that Volkswagen, Skoda, and Mercedes-Benz vehicles have had their OpenSynergy BlueSDK Bluetooth stack impacted by a quartet of low- to high-severity vulnerabilities that could be chained to facilitate a PerfektBlue attack leading to remote code execution and infotainment systems compromise.

U.S. multinational doughnut and coffeehouse chain Krispy Kreme has been filed with a class action lawsuit alleging its negligence in a November data breach by the Play ransomware gang that affected 161,676 individuals, Cybernews reports.

Cybernews reports that popular Chicago-based classical music radio station WFMT had its systems claimed to have been compromised by the Play ransomware operation, which has already leaked a portion of the pilfered data.

Malicious actors have utilized a trojanized version of the crossplatform SSH client and servermanagement tool Termius to deliver an updated iteration of the ZuRu macOS malware, according to The Hacker News.

GitHub exploited to deliver utility-spoofing malware Threat actors have been leveraging the GitHub code repository to distribute the Lumma Stealer malware in the guise of legitimate utilities, including "Free VPN for PC" and "Minecraft Skin Changer", as part of a new attack campaign, reports Cyber Security News.