Cyber Attack

Cybersecurity researcher Jeremiah Fowler found an unprotected database with 957,434 records belonging to an Ohio organization that assists people in obtaining certified medical marijuana cards. The database contained personal information, including PII, driver’s licenses, medical records, Social Security numbers, and other sensitive data. The publicly exposed databases were not password-protected …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the critical Trend Micro Apex One vulnerability, CVE-2025-54948, in its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation. Trend Micro Apex One is a popular endpoint security platform that detects and responds to malware and other security threats. However, …

A threat actor named “Chucky_BF” has advertised on a cybercrime forum that they are selling a “Global PayPal Credential Dump 2025” with over 15.8 million email and plaintext password pairs. The 1.16GB dataset in plain text reportedly contains sensitive credentials from PayPal accounts worldwide, indicating a significant breach. According to …

Researchers have identified a new Crypto24 ransomware campaign, which they describe as a “dangerous evolution” in cybersecurity threats. According to Trend Micro researchers, recent attacks by Crypto24 actors display a combination of advanced evasion techniques and custom tools that can disable EDR solutions — including Trend Micro’s own Vision One …

UK telecoms company Colt suffered a cyberattack by the Warlock ransomware gang. The attack began on Tuesday, 12th August, around 11 am BST, initially reported as a technical issue. By Thursday, 14th August, Cold announced they were addressing a cyber incident affecting Colt Technology Services, including hosting, porting services, Colt …

Fortinet warns customers of a critical security flaw in FortiSIEM which it said there exists an exploit in the wild. CVE-2025-25256 is a critical vulnerability with a CVSS score of 9.8 out of 10. “An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] …

A sophisticated cyber fraud has stolen over ₹5.58 crore from many bank accounts, highlighting serious concerns about digital payment security. This scam involved cloning biometric data and affected 251 accounts in 17 districts. Authorities are working hard to contain the situation and catch those responsible. The Modus Operandi: A Digital …

Google confirmed that a recent data breach in one of its Salesforce CRM systems exposed information about potential Google Ads customers. “We’re writing to let you know about an event that affected a limited set of data in one of Google’s corporate Salesforce instances used to communicate with prospective Ads …

More than 28,000 unpatched Microsoft Exchange servers are publicly accessible and vulnerable to the critical security flaw CVE-2025-53786, as reported by The Shadowserver Foundation on August 7, 2025. CISA’s Emergency Directive 25-02 on August 7 requires federal agencies to fix a critical vulnerability in Microsoft Exchange hybrid setups by 9:00 …

Bouygues Telecom, a major telecom company in France and the third-largest mobile operator, announced on Wednesday that it suffered a cyberattack affecting millions of customers’ data. The nature of the attack was not disclosed, and the company said the “situation was resolved as quickly as possible” by its technical teams, …