Paranoid Radio
Continuous playlist of cybersecurity newscasts. Autoplay advances to the next newscast on this page only.
Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files
A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS), identified as CVE-2025-27915, has been exploited in targeted attacks using weaponized iCalendar files. This stored cross-site scripting (XSS) flaw allows attackers to steal sensitive data from victims' email accounts.
Ransomware Attack Disrupts Major Airports in Europe
Collins Aerospace has been targeted by a ransomware attack involving HardBit, causing significant disruptions at major airports across Europe. The attack has led to delays and cancellations, with over a thousand computers reportedly impacted.
Stellantis Confirms Data Breach Exposing Customer Information
Automaker Stellantis has confirmed a data breach that compromised customer contact details through a third-party platform. The breach is linked to the ShinyHunters group, which has targeted multiple Salesforce clients this year.
Yubico Study Reveals Alarming Trends in Phishing Vulnerability Among Users
A recent Yubico survey highlights that nearly half of respondents interacted with phishing emails in the past year, with Gen Z being the most vulnerable demographic. Despite recognizing the insecurity of passwords, many users and organizations still lack adequate protective measures.
Trinity of Chaos Launches Data Leak Site Targeting 39 Companies
The Trinity of Chaos ransomware collective has launched a Data Leak Site on the TOR network, exposing data from 39 companies, including major firms like Google and Cisco. This incident highlights vulnerabilities in Salesforce and the ongoing threat posed by this group, which is linked to Lapsus$ and ShinyHunters.
Discord Users Affected by Data Breach via Third-Party Provider
Discord has reported a data breach affecting a limited number of users after a third-party customer service provider was compromised. Exposed data includes real names, email addresses, and limited billing details, though full credit card numbers and passwords were not accessed.
From Vulnerability Fatigue To Autonomous Remediation
The cybersecurity landscape is shifting from endless vulnerability management to proactive, automated remediation. This change aims to alleviate alert fatigue and enhance security resilience through innovative approaches in software development.
Asahi Confirms Ransomware Attack Disrupting Operations
Japanese beer giant Asahi has confirmed a ransomware attack that has led to significant IT disruptions, forcing the company to shut down factories in Japan. The attack has also resulted in evidence of data theft from compromised devices.
WestJet Data Breach Impacts 1.2 Million Customers
WestJet has disclosed a data breach affecting 1.2 million customers due to a cyber-attack in June 2025. Personal information, including names and contact details, was accessed, although sensitive data such as credit card numbers and passwords remain secure.
Microsoft Limits Inline SVG Images in Outlook to Combat Phishing and Malware
Microsoft is updating Outlook to stop displaying inline SVG images in an effort to mitigate security risks associated with phishing and malware. While SVG attachments will still be supported, the change aims to reduce the potential for cross-site scripting (XSS) attacks.
High-Severity VMware Vulnerability Exploited as Zero-Day
A newly patched VMware vulnerability, tracked as CVE-2025-41244, has been exploited as a zero-day for code execution with elevated privileges. The flaw affects VMware Aria Operations and VMware Tools, allowing attackers to escalate privileges to root on managed VMs.
Unity Discloses Major Security Vulnerability Affecting Game Developers
Unity has revealed a significant security vulnerability affecting games built with its development tool since 2017, urging developers to update immediately. While there is no evidence of exploitation, fixes are available, and platform partners like Valve and Microsoft have implemented mitigations.
ParkMobile Settles Class Action Lawsuit Over 2021 Data Breach Affecting 22 Million Users
ParkMobile has concluded a class action lawsuit related to its 2021 data breach that compromised the data of 22 million users. Affected individuals will receive a $1 in-app credit, which must be claimed manually and has an expiration date.
UK Schools Face Rising Cyber Attack Threats Amid Funding Pressures
A recent government survey reveals that six out of ten UK secondary schools have experienced a cyber-attack or breach in the past year, with further education colleges and universities facing even higher rates. Analysts attribute the vulnerability of state schools to funding pressures and a lack of specialist cybersecurity expertise.
Hackers Exploit Zimbra Flaw as Zero-Day Using iCalendar Files
A zero-day vulnerability in Zimbra Collaboration Suite (ZCS) has been exploited by hackers using malicious iCalendar files. The flaw, identified as CVE-2025-27915, allows attackers to execute arbitrary JavaScript and steal sensitive data from Zimbra Webmail.
Jaguar Land Rover to Resume Production After Major Cyber-Attack
Jaguar Land Rover (JLR) is set to restart production at its Wolverhampton plant following a significant cyber-attack that halted operations across multiple sites. The company faces ongoing challenges as it works to restore full capacity and support affected suppliers.
Researchers Warn AI Can Design Zero-Day Biology Threats With Deadly Toxins
A new study by Microsoft researchers reveals that generative AI can design genetic sequences capable of producing dangerous toxins, highlighting potential biosecurity risks. The findings suggest that existing safeguards in biotech companies may be insufficient to prevent such threats.
Cybercriminals Attempt Bribery of BBC Cyber Correspondent
Joe Tidy, a BBC cybersecurity journalist, was approached by the Medusa ransomware gang, who offered him a cut of ransom payments in exchange for insider access to the BBC's systems. This incident highlights the growing trend of bribery-based attacks targeting employees within organizations.
Oracle Patches Critical E-Business Suite Zero-Day Vulnerability Exploited by Clop Ransomware
Oracle has issued a critical patch for a zero-day vulnerability in its E-Business Suite, tracked as CVE-2025-61882, which allows unauthenticated remote code execution. The flaw has been actively exploited in data theft attacks by the Clop ransomware gang.
Self-Propagating Malware Spreading Via WhatsApp Targets Brazilian Users
Trend Research has identified an active malware campaign named Water Saci that spreads via WhatsApp using malicious ZIP file attachments. The malware, known as SORVEPOTEL, hijacks WhatsApp accounts to propagate itself among contacts, primarily targeting Brazilian financial institutions.
Jaguar Land Rover Cyber-Attack Highlights Growing Threats to Businesses
Jaguar Land Rover was targeted in a cyber-attack that forced the company to shut down computers and factories, raising concerns about the preparedness of British businesses against such threats. The attack has had a devastating impact on JLR's supply chain, leading to layoffs and financial strain on smaller suppliers.