Welcome to the DanSec Blog

Cybersecurity Brief – 2025-08-27

Major Incidents or Breaches

  • Nevada State Government: A cyberattack has disrupted Nevada state IT systems, forcing the closure of all state offices and impacting government websites, phone systems, and online platforms.
  • Farmers Insurance: Data breach affecting 1 million customers; details of the compromised data have not been publicly disclosed.
  • Nissan Japan: Confirmed a data breach at subsidiary Creative Box Inc. (CBI), with Qilin ransomware claiming responsibility.
  • Healthcare Services Group: Data breach impacted 624,000 individuals, with theft of personal information.
  • Auchan: Data breach resulted in theft of personal information from hundreds of thousands of customers.
  • Data I/O: Ransomware attack caused operational outages; the full scope of the breach is not yet known.
  • Salesloft: Breach led to theft of OAuth and refresh tokens via its Drift chat agent integration, enabling attackers to access Salesforce customer environments and exfiltrate data.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-08-26

Major Incidents or Breaches

  • Farmers Insurance disclosed a data breach affecting 1.1 million individuals, with the compromise traced to broader attacks on Salesforce environments.
  • French retailer Auchan reported a cyberattack that exposed sensitive loyalty account data of several hundred thousand customers.
  • Aspire Rural Health System confirmed a data breach impacting nearly 140,000 individuals, attributed to the BianLian ransomware group.
  • Data I/O, a chip programming firm, experienced a ransomware attack disrupting communications, shipping, and production operations.
  • Arch Linux Project has been subject to a week-long DDoS attack, affecting its website, repository, and forums.
  • US pharmaceutical company Inotiv suffered a cyberattack, as reported in threat intelligence bulletins.
  • Lab-Dookhtegen claimed responsibility for attacks disabling communications on more than 60 Iranian cargo ships and oil tankers.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-08-25

Major Incidents or Breaches

  • Aspire Rural Health System suffered a data breach impacting nearly 140,000 individuals, attributed to the BianLian ransomware group, which exfiltrated sensitive data.
  • Chip programming firm Data I/O disclosed a ransomware attack that disrupted communications, shipping, and production operations.
  • Farmers Insurance reported a data breach affecting over 1 million individuals, with separate notifications filed by Farmers New World Life Insurance and Farmers Group.
  • The Arch Linux Project has been subjected to a week-long DDoS attack, disrupting its website, repository, and forums.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-08-24

Major Incidents or Breaches

  • DaVita, a kidney dialysis provider, confirmed that a ransomware gang breached its network and exfiltrated personal and health information of nearly 2.7 million individuals.
  • CPAP Medical Supplies and Services disclosed a data breach impacting 90,000 individuals, stemming from an intrusion in December 2024.
  • Hundreds of organisations were targeted in a new Atomic macOS Stealer campaign via malvertising between June and August 2025.
  • A clickjacking attack was reported that can steal credentials from browser-integrated password managers.
  • Grok AI chats, intended to be shared privately, were indexed by Google and became publicly searchable.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-08-23

Major Incidents or Breaches

  • DaVita, a kidney dialysis provider, confirmed a ransomware attack resulted in the theft of personal and health information for nearly 2.7 million individuals.
  • CPAP Medical Supplies and Services disclosed a data breach stemming from a December 2024 intrusion, impacting approximately 90,000 people.
  • Over 300 entities were targeted between June and August in a new campaign using the Atomic macOS Stealer, delivered via malvertising.
  • A clickjacking attack capable of stealing credentials from browser-integrated password managers was disclosed.
  • Grok AI chat logs intended to be private were indexed by Google Search, exposing user conversations to the public web.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-08-22

Major Incidents or Breaches

  • Colt Technology Services Ransomware Attack
    • UK-based Colt Technology Services confirmed a data breach involving customer documentation theft. The Warlock ransomware gang is auctioning the stolen files. The company is working to restore disrupted systems.
  • Orange Belgium Data Breach
    • Orange Belgium disclosed that attackers accessed data of approximately 850,000 customers during a July cyberattack. The breach affected customer accounts but no further technical details were provided.
  • Ex-Developer Sentenced for Sabotage

[Full post ↘]

Cybersecurity Brief – 2025-08-21

Major Incidents or Breaches

  • Inotiv, a pharmaceutical company, confirmed a ransomware attack that resulted in the compromise and encryption of internal systems, with business operations impacted.
  • Vulnerabilities in a Workhorse Software application used by hundreds of municipalities exposed sensitive data; CERT/CC disclosed details following the release of patches.
  • Vulnerable internal services at Intel exposed information of 270,000 employees, as reported by a security researcher.
  • Microsoft is investigating an outage affecting Copilot and Office.com, impacting user access across North America.
  • Six major password managers are currently vulnerable to unpatched clickjacking flaws, potentially exposing user credentials, two-factor authentication codes, and credit card information.
  • McDonald’s staff and partner portals were found to have exposed APIs, sensitive data, and corporate documents due to security flaws.
  • Hackers are using legitimate ADFS redirects via office.com links to steal Microsoft 365 login credentials through phishing attacks.
  • The RapperBot DDoS-for-hire botnet was disrupted, and the alleged developer and administrator has been charged by the US Department of Justice.
  • A member of the “Scattered Spider” cybercrime group was sentenced to 10 years in prison and ordered to pay $13 million in restitution for SIM-swapping and related cyber offences.
  • Europol has clarified that a purported $50,000 reward for Qilin ransomware group members is a scam.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-08-20

Major Incidents or Breaches

  • Allianz Life (US): Hackers stole personal information of 1.1 million individuals in a Salesforce data theft attack. Exposed data includes physical addresses, dates of birth, phone numbers, and other sensitive information for life insurance customers.
  • Business Council of New York State (US): Data breach in February led to theft of personal, financial, and health information of over 47,000 individuals.
  • Inotiv (US): Ransomware attack resulted in encryption of systems and data, impacting business operations.
  • Bragg Gaming Group (Global): Hackers accessed internal systems, though operations were reportedly unaffected.
  • TPG Telecom/iiNet (Australia): Unauthorised access detected in iiNet order management system; investigation ongoing.
  • Highly Sensitive Medical Cannabis Data (US): Nearly one million records, including SSNs, government IDs, and health data, exposed due to an unsecured database.
  • Polish Power Plant (Poland): Russian hacktivists launched a cyberattack causing operational disruption at a power plant.
  • RapperBot DDoS Botnet: US authorities charged a 22-year-old Oregon man with operating the RapperBot botnet, which powered over 370,000 distributed denial-of-service attacks.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-08-19

Major Incidents or Breaches

  • Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering, likely linked to the broader Salesforce attacks attributed to the ShinyHunters group. Exposed data was limited to “commonly available” business contact information, with no customer data compromised.
  • The Canadian House of Commons experienced a data breach, as noted in recent threat intelligence reporting.
  • Over 800 N-able N-central servers remain unpatched against two critical vulnerabilities (CVE-2025-8875 and CVE-2025-8876) that have been actively exploited. More than 870 instances are affected globally.
  • Multiple web hosting firms in Taiwan were targeted by Chinese APT group UAT-7237, aiming for long-term access to high-value targets.
  • The US Department of Justice seized $2.8 million in cryptocurrency from a Zeppelin ransomware operator, following an indictment.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-08-18

Major Incidents or Breaches

  • Workday disclosed a data breach resulting from attackers gaining access to a third-party CRM platform, reportedly linked to a wider wave of Salesforce-related attacks targeting multiple organizations.
  • The Canadian House of Commons suffered a data breach, as reported in the latest threat intelligence bulletin.
  • A UK individual was sentenced to 20 months in prison for hacking approximately 3,000 websites.
  • Over 800 N-able N-central servers remain unpatched and exposed to two critical vulnerabilities (CVE-2025-8875 and CVE-2025-8876) that have been actively exploited.
  • US authorities seized $2.8 million in cryptocurrency from a Zeppelin ransomware operator following an indictment.

Newly Discovered Vulnerabilities

[Full post ↘]