Summary On September 4, 2025, Jaguar Land Rover (JLR) confirmed that a hacker known as “Rey” linked to the group Hellcat has claimed responsibility for a second cyberattack this year. The incident has halted vehicle production at key UK facilities like Solihull and Halewood, delayed thousands of deliveries, and raised serious concerns about vendor and […]
Summary A significant data breach at TransUnion, one of the three major U.S. credit reporting agencies, has compromised the personal information of approximately 4.4 million Americans, including Social Security numbers. Over 377,000 Texans were among those affected. The breach stemmed from a third-party application vulnerability, prompting TransUnion to offer two years of free credit monitoring […]
Summary In August 2025, attackers stole OAuth tokens from Salesloft’s Drift chatbot integration and used them to access Salesforce data at hundreds of organizations. High-profile victims that disclosed impact include Zscaler, Palo Alto Networks, and Cloudflare. Exposed data varies by company, but often includes business contact info and support case details. The total blast radius […]
Summary On September 5, 2025, U.S. authorities revealed a massive cyber campaign dubbed “Salt Typhoon”, in which suspected Chinese hackers may have accessed sensitive American data and infiltrated power grid infrastructure. The FBI and DOJ are now spearheading a high-stakes response. The incident raises national security concerns, infrastructure risk, and potential implications for the average […]
Incident window: July 19–21, 2025 Public alert issued: Late July 2025 What happened In one of the most significant enterprise security incidents in recent memory, a zero-day vulnerability in on-premises Microsoft SharePoint servers was actively exploited in a widespread cyber campaign. Between July 19 and July 21, over 8,000 servers globally were reportedly compromised by […]
Incident date: July 16, 2025 Public notification: Mid‑August 2025 What happened Allianz Life Insurance Company of North America recently disclosed a major security breach originating from a third-party customer relationship management (CRM) vendor. On July 16, 2025, the CRM platform was compromised through a targeted social engineering attack. This breach exposed personal details belonging to […]
Timeline: Reported continuously from July 18 to July 31, 2025 What happened In the past two weeks, deepfake scams targeting corporate environments have surged dramatically. These attacks involve perpetrators creating highly realistic AI-generated video or audio impersonations of CEOs or senior executives. In several reported cases, employees in finance or HR were convinced to transfer […]
Introduction On April 14, 2025, a significant cybersecurity incident involving a Windows zero-day vulnerability was disclosed, highlighting the persistent threat of ransomware attacks. This report examines the details of this incident, which exploited a flaw in the Windows Common Log File System (CLFS), enabling attackers to deploy ransomware and steal sensitive data. As cybersecurity threats […]
Cybercriminals are at it again, and this time they’re using a trick that’s as old as the internet but dressed up in a shiny new package. In the past week, a sophisticated phishing campaign has been making waves by exploiting Webflow’s Content Delivery Network (CDN) and fake CAPTCHA pages to steal your personal info. If […]
Cybercrime doesn’t take a vacation, and the past week proved it with a sneaky new tactic from the Akira ransomware gang. If you thought your VPN was a fortress, think again—hackers are now targeting SonicWall VPNs with a clever trick that could leave businesses scrambling. Let’s dive into what happened, why it matters, and how […]
