
Major Cyber Attacks, Ransomware Attacks and Data Breaches: August 2025

Date: 1 September 2025


What do an insurance giant, a luxury fashion house, an airline, and even Google’s own Salesforce platform have in common? Unfortunately, in August 2025, the answer was hackers. From Allianz Insurance and Farmers Insurance to Chanel and Pandora, from Aeroflot and Air France-KLM to Inotiv and DaVita, cyber criminals made it clear that no industry is off-limits. Even TransUnion and Workday, the very institutions that guard people’s financial and professional lives, weren’t spared.

Health, finance, retail, luxury, aviation, and tech — the attackers cut across sectors with ease, proving yet again that when it comes to cybercrime, the only true “common thread” is risk.

If August 2025 proved anything, it’s that nobody is immune. Cybercriminals don’t care if you’re protecting patient lives in a healthcare facility, securing global payments, or selling luxury jewelry. Whether your organisation operates in the skies, in boardrooms, or on shop floors, every digital door is a potential entry point for attackers. The question is no longer if you’ll be targeted, but when.

And when that moment comes, what will separate the survivors from the casualties is not luck — it’s preparation. The organisations that suffer the least disruption are those that already know how to respond: who takes charge, what steps to follow, how to communicate with customers, regulators, and the media. This level of readiness only comes from having a tested and trusted Incident Response Plan and clear, practical Playbooks that the team has rehearsed in advance.

That’s where Cyber Management Alliance comes in. As the creators of the UK Government NCSC-Assured Cyber Incident Planning and Response training, we help organisations turn uncertainty into resilience. From Cyber Tabletop Exercises to our Incident Response Plan Templates and Toolkits, we give your teams the skills, frameworks, and confidence they need to act decisively when the worst happens.

Because at the end of the day, technology may fail, systems may fall, but preparation never does.


  1. Ransomware Attacks in August 2025
  2. Data Breaches in August 2025 
  3. Cyber Attacks in August 2025
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in August 2025


Ransomware Attacks in August 2025

Date: August 05, 2025
Victim: Various companies including Hitachi Vantara, Nissan Australia and Stanford University
Summary: SonicWall urges customers to take VPN devices offline after ransomware campaign
Threat Actor: Akira Ransomware
Business Impact: A wave of ransomware attacks starting mid-July 2025—particularly involving Akira ransomware—targeted organisations using SonicWall Gen 7 firewalls with SSL VPN enabled. It was initially suspected to exploit a zero-day vulnerability but was later traced to the known CVE-2024-40766, tied to improper password handling during migration from Gen 6 to Gen 7; the flaw exposed firms to rapid compromise despite MFA, prompting urgent mitigations, though no specific threat actor group beyond Akira affiliates has been publicly named.
Source: SonicWall Zero-Day Attack

Date: August 05, 2025
Victim: DaVita
Summary: More than 1 million patients affected by DaVita ransomware attack
Threat Actor: Interlock Ransomware
Business Impact: DaVita was struck by a ransomware attack—claimed by the Interlock group—that infiltrated its servers from March 24 to April 12, 2025, compromising sensitive data of over 2.6 million patients (including names, SSNs, health insurance information, dialysis results and even check images), triggering data breach notifications, regulatory scrutiny and widespread exposure of more than 1 TB of internal files.
Source: DaVita Ransomware Attack

Date: August 06, 2025
Victim: Pakistan Petroleum Limited
Summary: Pakistan Petroleum thwarts ransomware attempt, says no critical data compromised
Threat Actor: Blue Locker
Business Impact: Pakistan Petroleum Limited foiled a ransomware attempt by the Blue Locker group, suspending select non-critical services to contain the threat and safeguarding critical systems and sensitive data.
Source: DataBreaches.net

Date: August 07, 2025
Victim: Spartanburg County
Summary: Spartanburg County hit by cyber attack, some online services disrupted
Threat Actor: Unknown
Business Impact: Spartanburg County suffered a ransomware attack in early August 2025 that disrupted several online services, prompting swift activation of response protocols involving its cybersecurity provider and law enforcement, and the temporary shutdown of affected systems.
Source: DataBreaches.net

Date: August 11, 2025
Victim: St. Paul’s city government
Summary: Ransomware gang claims attack on St. Paul city government
Threat Actor: Interlock Ransomware
Business Impact: The Interlock ransomware gang breached St. Paul’s city government systems in late July 2025—stealing around 43 GB of internal data (primarily employee-related files), crippling key digital services and prompting the governor to activate the National Guard—while residents’ cloud-stored data remained untouched.
Source: Interlock attack on St. Paul's government

Date: August 11, 2025
Victim: Yes24
Summary: Second ransomware attack in two months disrupts South Korean ticketing giant
Threat Actor: Unknown
Business Impact: South Korea’s largest ticketing and online bookstore, Yes24, endured a second ransomware attack in under two months that knocked its website and app offline—disrupting K-pop ticket sales (notably for Day6’s tour), prompting an emergency shutdown and a seven-hour restoration from backups, and drawing criticism for repeated failure to safeguard fans after prior promises of remediation.
Source: The Record Media

Date: August 13, 2025
Victim: Clinical Diagnostics in Rijswijk
Summary: Hacked lab paid ransom: 'Millions of euros demanded'
Threat Actor: Nova Ransomware Group
Business Impact: Clinical Diagnostics in Rijswijk paid the Nova ransomware group, which had demanded millions of euros, to prevent the release of stolen medical data on approximately 485,000 Dutch women, including names, addresses, BSNs and cervical screening results (part of 300 GB of exfiltrated data, about 100 MB of which had already been leaked); the exact ransom amount was not disclosed.
Source: Nova Ransomware attack on Clinical Diagnostic Lab

Date: August 14, 2025
Victim: Canada’s House of Commons
Summary: Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability
Threat Actor: Unknown
Business Impact: Threat actors exploited a Microsoft SharePoint zero-day vulnerability (CVE-2025-53770) to breach Canada’s House of Commons network, gaining access to a device-management database and stealing employees’ names, job titles, office locations, email addresses and device details.
Source: The Record Media

Date: August 18, 2025
Victim: Colt Technology Services
Summary: UK telecom provider Colt says outages were due to cyber incident
Threat Actor: WarLock Ransomware
Business Impact: Colt Technology Services suffered a cyber attack in mid-August 2025 that knocked out its Colt Online customer portal and Voice API systems—initially framed as “technical issues”—which was later attributed to the WarLock ransomware group. The group claimed to have exfiltrated up to a million internal documents (including financial data, network designs and employee/client details), leveraging a SharePoint remote code execution vulnerability (CVE-2025-53770) to carry out the breach.
Source: The Record Media

Date: August 19, 2025
Victim: Inotiv
Summary: Drug development company Inotiv reports ransomware attack to SEC
Threat Actor: Qilin Ransomware
Business Impact: Indiana-based drug research firm Inotiv suffered a ransomware attack by the Qilin gang which encrypted critical systems, disrupted access to internal networks and business applications, and allegedly exfiltrated 176 GB of research data spanning the previous decade, forcing the company to deploy offline workflows.
Source: The Record Media

Date: August 22, 2025
Victim: Data I/O
Summary: Electronics manufacturer Data I/O reports ransomware attack to SEC
Threat Actor: Unknown
Business Impact: Data I/O, a leading electronics manufacturer, was hit by a ransomware attack that forced the shutdown of its global IT infrastructure, halting manufacturing, production, shipping and internal communications, and leading to an SEC disclosure of the incident.
Source: The Record Media

Date: August 27, 2025
Victim: Miljödata, Sweden
Summary: IT system supplier cyber attack impacts 200 municipalities in Sweden
Threat Actor: Unknown
Business Impact: A ransomware attack on Miljödata, an IT supplier serving about 80% of Sweden’s municipalities, disrupted HR and sick-leave systems across approximately 200 municipal governments—crippling operations such as employee absence management.
Source: Bleeping Computer

Date: August 28, 2025
Victim: MathWorks
Summary: MATLAB dev says ransomware gang stole data of 10,000 people
Threat Actor: Unknown
Business Impact: MathWorks experienced a ransomware breach in April 2025 which disrupted access to core internal services—including MFA, SSO, cloud centres, license systems and the online store—resulting in the theft of personal data (such as names, addresses, dates of birth, and Social Security or equivalent identification numbers) for approximately 10,476 individuals.
Source: MathWorks Ransomware Attack



Data Breaches in August 2025

Date: August 01, 2025
Victim: GiveWP WordPress Plugin
Summary: Pi-hole discloses data breach triggered by WordPress plugin flaw
Threat Actor: Unknown
Business Impact: Due to a flaw in the GiveWP WordPress donation plugin, around 30,000 Pi-hole donor names and email addresses were publicly exposed—raising privacy and reputational concerns for the project—though no financial or product-related data was affected.
Source: Bleeping Computer

Date: August 01, 2025
Victim: Cisco
Summary: Cisco discloses data breach impacting Cisco.com user accounts
Threat Actor: Unconfirmed (apparently part of the wave of Salesforce-linked vishing campaigns)
Business Impact: In July 2025, a cyber criminal executed a successful voice-phishing (vishing) attack on a Cisco representative—gaining access to and exporting user profiles (names, organisation, addresses, user IDs, email, phone and account metadata) from a third-party cloud CRM system used for Cisco.com accounts, exposing customers to impersonation and phishing risks; no credentials, proprietary data or services were affected. Although Cisco hasn’t confirmed the attacker’s identity, the incident mirrors a broader wave of Salesforce-linked vishing campaigns tied to the ShinyHunters extortion group.
Source: Bleeping Computer

Date: August 01, 2025
Victim: Aeroflot
Summary: Hackers leak purported Aeroflot data as Russia denies breach
Threat Actor: Pro-Ukraine hacktivist groups Silent Crow and Belarusian Cyber-Partisans
Business Impact: A prolonged cyber attack, attributed to the pro-Ukraine hacktivist groups Silent Crow and Belarusian Cyber-Partisans, crippled Aeroflot’s IT systems—forcing the cancellation or delay of over 100 flights, affecting some 20,000 passengers, inflicting up to $50 million in financial and reputational damage, and potentially exposing executive travel data—while prompting a criminal investigation.
Source: Record Media

Date: August 01, 2025
Victim: Cycle & Carriage
Summary: In Singapore, 147,000 customer records exposed in Cycle & Carriage data breach
Threat Actor: Unknown
Business Impact: According to a news report, in a data breach discovered on July 14, 2025, a threat actor gained unauthorised access to Cycle & Carriage’s CRM system and exfiltrated around 147,000 customer records—primarily names and contact details (with about 2% including NRIC numbers and deposit amounts)—causing potential identity theft, reputational damage and regulatory scrutiny, and prompting investigations by both the Singapore police and the Personal Data Protection Commission (PDPC), though no banking or credit card information was exposed.
Source: DataBreaches.net

Date: August 01, 2025
Victim: Genoa Medical Facilities (Genoa Community Hospital)
Summary: Genoa Community Hospital discloses breach discovered in March
Threat Actor: Unknown
Business Impact: According to a news source, in March 2025 Genoa Medical Facilities (Genoa Community Hospital) detected suspicious activity in an employee’s email account which, according to a subsequent investigation concluded in July, may have exposed patients’ names, birth dates, Social Security or other government ID numbers, financial account data, medical treatment or diagnosis details, and health insurance information. No misuse has been observed, no threat actor has been identified or made claims, and the hospital has already begun notifying affected individuals and bolstering email security.
Source: DataBreaches.net

Date: August 04, 2025
Victim: Chanel
Summary: Fashion giant Chanel hit in wave of Salesforce data theft attacks
Threat Actor: ShinyHunters
Business Impact: Sources said that on July 25, 2025, hackers—linked to the ShinyHunters extortion group—used social engineering (via vishing) to trick a third-party vendor into granting a malicious OAuth app access to Chanel’s Salesforce database, resulting in the theft of U.S. customer records (names, email, mailing address, phone number) and raising risks of targeted phishing and reputational harm, though no financial or credential data was taken and affected individuals have been notified.
Source: Bleeping Computer

Date: August 05, 2025
Victim: PBS
Summary: PBS confirms data breach after employee info leaked on Discord servers
Threat Actor: Apparently insider behaviour or opportunistic sharing
Business Impact: PBS confirmed that a data breach originating from its internal MyPBS.org platform resulted in a JSON file containing corporate contact details for 3,997 employees and affiliates—including names, emails, titles, departments, time zones, locations, job functions, hobbies and supervisors’ names—being circulated on PBS Kids fan Discord servers, apparently driven by youthful curiosity and a desire for notoriety rather than any malicious intent, though it nonetheless exposes employees to risks such as doxxing or phishing.
Source: Bleeping Computer

Date: August 05, 2025
Victim: Pandora
Summary: Pandora confirms data breach amid ongoing Salesforce data theft attacks
Threat Actor: ShinyHunters
Business Impact: Danish jewelry giant Pandora suffered a breach via its Salesforce CRM—customer names, birthdates and email addresses were stolen through targeted social engineering and OAuth abuse by the ShinyHunters extortion group (continuing a broader campaign since early 2025), exposing clients to phishing and impersonation risks, while financial, password and ID data remained secure; Pandora has since reinforced its security.
Source: Bleeping Computer

Date: August 05, 2025
Victim: Google (corporate Salesforce CRM)
Summary: Google suffers data breach in ongoing Salesforce data theft attacks
Threat Actor: ShinyHunters
Business Impact: As per an official report, Google’s corporate Salesforce CRM was compromised in June 2025 when ShinyHunters (tracked as UNC6040/UNC6240) used voice phishing to infiltrate the system, extracting business names, contact details and related notes for small-to-medium enterprises before their access was cut off—though no sensitive financial data or account credentials were exposed.
Source: Bleeping Computer

Date: August 06, 2025
Victim: Air France and KLM
Summary: Air France and KLM disclose data breaches impacting customers
Threat Actor: ShinyHunters
Business Impact: Air France and KLM suffered a data breach via unauthorised access to an external customer-service platform in late July 2025, resulting in the exposure of customer names, contact details, Flying Blue loyalty numbers and statuses, and email subject lines—though no sensitive data such as passwords, passports, payment cards or miles balances was compromised. The incident, tied to a broader Salesforce-focused campaign likely linked to the ShinyHunters and possibly Scattered Spider groups, led the airlines to notify authorities, inform affected individuals and implement countermeasures.
Source: Bleeping Computer

Date: August 06, 2025
Victim: Bouygues Telecom
Summary: Bouygues Telecom confirms data breach impacting 6.4 million customers
Threat Actor: Unknown
Business Impact: Bouygues Telecom was hit by a cyber attack in which a known cyber criminal group breached internal systems and exfiltrated personal data—including contact details, contract information, civil or company status and IBAN numbers—for approximately 6.4 million customers, prompting swift containment, regulatory notification, customer alerts and strengthened defences.
Source: Bleeping Computer

Date: August 07, 2025
Victim: Columbia University
Summary: Columbia University says hacker stole SSNs and other data of nearly 900,000
Threat Actor: Unknown
Business Impact: A politically motivated hacktivist breached Columbia University’s systems—gaining access to and stealing sensitive personal data (including Social Security numbers, contact details, academic records, financial aid and health insurance information) of approximately 868,969 individuals—disrupting IT services, prompting breach notifications and credit monitoring offers, and leaving the attacker unidentified beyond ideological motives.
Source: Record Media

Date: August 08, 2025
Victim: The U.S. Federal Judiciary
Summary: U.S. Judiciary confirms breach of court electronic records service
Threat Actor: Unknown
Business Impact: The U.S. Federal Judiciary confirmed that its electronic case management systems—including CM/ECF and PACER—had been breached in early July 2025, potentially exposing sealed court files (such as the identities of confidential informants and sensitive filings) across multiple federal districts, prompting stricter access controls and enhanced cybersecurity; the perpetrators remained unidentified, with nation-state-affiliated actors suspected.
Source: Bleeping Computer

Date: August 11, 2025
Victim: Connex Credit Union
Summary: Connex Credit Union data breach impacts 172,000 members
Threat Actor: Unknown
Business Impact: Connex Credit Union had its systems breached around June 2–3, 2025, enabling unknown attackers to steal personal and financial data—including names, account numbers, debit card details, Social Security numbers and government-issued IDs—impacting approximately 172,000 members and prompting breach notifications, free credit monitoring, fraud warnings and tightened cybersecurity defences; no funds were reported lost, and the threat actor remained unidentified.
Source: Bleeping Computer

Date: August 11, 2025
Victim: Manpower’s Lansing, Michigan franchise
Summary: Manpower discloses data breach affecting nearly 145,000 people
Threat Actor: RansomHub
Business Impact: Manpower’s Lansing, Michigan franchise suffered a ransomware breach between December 2024 and January 2025, claimed by the RansomHub gang, which stole roughly 500 GB of sensitive corporate and client data (including passport scans, SSNs, IDs, contracts and correspondence), prompting the staffing firm to notify nearly 145,000 people.
Source: Bleeping Computer

Date: August 13, 2025
Victim: Italian Hotels
Summary: Tens of thousands of Italian hotel guests may be hit by cyber heist
Threat Actor: An anonymous hacker using the alias “mydocs”
Business Impact: A cyber criminal using the alias “mydocs” infiltrated the booking systems of around ten Italian hotels between June and July 2025, then posted over 90,000 high-resolution scans of guest identity documents—such as passports and ID cards—for sale on darknet forums, compromising the privacy of tens of thousands of guests and exposing them to identity theft, bank fraud and social engineering attacks.
Source: Record Media

Date: August 18, 2025
Victim: Workday
Summary: Workday hit by social engineering data breach targeting its CRM platform
Threat Actor: ShinyHunters
Business Impact: Workday fell victim to a sophisticated social engineering campaign in early August 2025 in which attackers impersonated HR or IT staff to infiltrate a third-party CRM platform and steal business contact details (names, email addresses, phone numbers), but did not access customer tenants or internal systems; the breach is suspected to be part of the broader ShinyHunters-linked wave of Salesforce-targeted attacks.
Source: Record Media

Date: August 18, 2025
Victim: Bragg Gaming Group
Summary: Casino gaming company Bragg says hackers accessed ‘internal computer environment’
Threat Actor: Unknown
Business Impact: Bragg Gaming Group suffered a cyber attack discovered on August 16, 2025, in which hackers accessed its internal computer environment—though there was no evidence that personal data was affected or that business operations were disrupted.
Source: Record Media

Date: August 18, 2025
Victim: Allianz Life Insurance Company
Summary: Massive Allianz Life data breach impacts 1.1 million people
Threat Actor: ShinyHunters
Business Impact: Allianz Life Insurance Company of North America endured a major data breach when attackers exploited a third-party, cloud-based CRM platform—via a social engineering-led Salesforce authentication exploit—to steal personally identifiable information for approximately 1.1 million U.S. customers, financial advisors and select employees (including names, email and physical addresses, dates of birth, phone numbers and Social Security numbers).
Source: Allianz Life Data Breach

Date: August 20, 2025
Victim: Business Council of New York State
Summary: Business Council of New York State says nearly 50,000 had data leaked in February cyber attack
Threat Actor: Unknown
Business Impact: The Business Council of New York State suffered a cyber attack in late February 2025 that resulted in the exposure of highly sensitive personal, financial and medical information for approximately 47,329 individuals—including names, Social Security and state ID numbers, banking details, payment card data, PINs, tax identifiers, e-signatures, health diagnoses, treatments, prescriptions and insurance records.
Source: Record Media

Date: August 20, 2025
Victim: Orange Belgium
Summary: Major Belgian telecom firm says cyber attack compromised data on 850,000 accounts
Threat Actor: Unknown
Business Impact: Orange Belgium suffered a cyber attack that compromised personal data—including full names, telephone numbers, SIM card numbers, PUK codes and tariff plan details—for approximately 850,000 customers, though sensitive data such as passwords, emails and financial information remained secure.
Source: Record Media

Date: August 25, 2025
Victim: Farmers Insurance
Summary: Farmers Insurance data breach impacts 1.1M people after Salesforce attack
Threat Actor: ShinyHunters
Business Impact: Farmers Insurance suffered a data breach in May 2025 after the Salesforce-related supply chain attack, exposing personal data—including names, addresses, driver’s license numbers, birth dates and partial Social Security numbers—of approximately 1.1 million people.
Source: Bleeping Computer

Date: August 25, 2025
Victim: French retail giant Auchan
Summary: Auchan retailer data breach impacts hundreds of thousands of customers
Threat Actor: Unknown
Business Impact: French retail giant Auchan disclosed a cyber attack in late August 2025 that compromised personal data from the loyalty accounts of several hundred thousand customers—including full names, titles, mailing addresses, email and phone contact details, and loyalty card numbers—while stressing that banking information, passwords and PINs were unaffected and that the French data protection authority (CNIL) had been notified.
Source: Bleeping Computer

Date: August 25, 2025
Victim: Nissan
Summary: Nissan confirms design studio data breach claimed by Qilin ransomware
Threat Actor: Qilin Ransomware
Business Impact: Nissan confirmed that hackers from the Qilin ransomware group had breached its subsidiary Creative Box Inc. in mid-August 2025, exfiltrating four terabytes of proprietary assets such as 3D vehicle design models, internal reports, financial documents, VR workflows and photos.
Source: Bleeping Computer

Date: August 25, 2025
Victim: Maryland’s Transit Administration
Summary: Maryland investigating cyber attack impacting transit service for disabled people
Threat Actor: Unknown
Business Impact: Maryland’s Transit Administration faced a cyber attack that disabled its Mobility paratransit scheduling and real-time information systems—hampering new ride bookings and call-centre operations—while core services such as buses and subways remained operational.
Source: Record Media

Date: August 26, 2025
Victim: Nevada's state government
Summary: Nevada closes state offices as cyber attack disrupts IT systems
Threat Actor: Unknown
Business Impact: Nevada's state government suffered a network security incident that forced the closure of state offices for two days and knocked multiple government websites and phone lines offline—while emergency services stayed operational and officials noted that no personal data had been compromised.
Source: Bleeping Computer

Date: August 26, 2025
Victim: Healthcare Services Group
Summary: Healthcare Services Group data breach impacts 624,000 people
Threat Actor: Unknown
Business Impact: Healthcare Services Group detected a network intrusion in late 2024 (between September 27 and October 3) which exfiltrated sensitive personal data—such as names, Social Security numbers, driver’s license numbers, state IDs, financial account information and login credentials—for approximately 624,000 individuals, prompting breach notifications and credit monitoring offers; as of its August 2025 disclosure, no ransomware group or hacker had claimed responsibility.
Source: Bleeping Computer

Date: August 28, 2025
Victim: TransUnion
Summary: TransUnion suffers data breach impacting over 4.4 million people
Threat Actor: ShinyHunters
Business Impact: TransUnion experienced a Salesforce-based data theft attack in late July 2025 which exposed personal data such as names, billing addresses, phone numbers, email addresses, dates of birth and unredacted Social Security numbers of over 4.4 million U.S. individuals.
Source: Bleeping Computer



Cyber Attacks in August 2025

Date: August 05, 2025
Victim: Multiple Dutch Caribbean governments, including the Curaçao Tax and Customs Administration, Joint Court of Justice, and Aruba’s Parliament
Summary: Dutch Caribbean islands respond to cyber attacks on courts, tax departments
Threat Actor: Unknown
Business Impact: Multiple Dutch Caribbean governments—including the Curaçao Tax and Customs Administration, Joint Court of Justice, and Aruba’s Parliament—were hit by coordinated cyber attacks in late July 2025 that caused widespread outages in tax, judicial and email services, forced reliance on Dutch cybersecurity experts, and prompted regional alerts to strengthen cyber defences, though the specific attackers remained unidentified.
Source: Record Media

Date: August 20, 2025
Victim: Investment Projects
Summary: Russian investment platform confirms cyber attack by pro-Ukraine hackers
Threat Actor: Cyber Anarchy Squad
Business Impact: Russian investment and analytics platform Investment Projects suffered a cyber attack by the pro-Ukraine hacktivist group Cyber Anarchy Squad, which disrupted its infrastructure, exposed internal databases and employee files, and led to public data leaks aimed at pressuring regulators, causing downtime, reputational harm and financial impact.
Source: Record Media


New Ransomware/Malware Discovered in August 2025

New Ransomware/Malware: Plague malware
Summary: A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems.

New Ransomware/Malware: Charon ransomware
Summary: Trend Micro discovered that a newly identified ransomware—dubbed Charon—targeted public sector and aviation organisations across the Middle East using advanced APT-style techniques such as DLL sideloading, process injection and disabling of security controls, delivering bespoke ransom notes naming each victim; while the tactics echoed those of the China-linked Earth Baxia group, researchers could not definitively attribute the campaign to them.

New Ransomware/Malware: Android.Backdoor.916.origin
Summary: Researchers at Dr. Web uncovered a new Android backdoor, named Android.Backdoor.916.origin, which masqueraded as antivirus software allegedly from Russia’s FSB (using names such as “GuardCB,” “SECURITY_FSB,” and “ФСБ”) and had been spying on Russian business executives since January 2025 by capturing keystrokes, audio/video feeds, conversations and message data.

New Ransomware/Malware: Curly COMrades
Summary: A newly identified threat group, Curly COMrades, deployed custom three-stage malware called MucorAgent—leveraging components such as curl.exe, COM hijacking, Resocks proxies and CurlCat tunneling—to maintain stealthy, persistent access to government and judicial bodies in Georgia and energy firms in Moldova by executing encrypted PowerShell scripts and exfiltrating data.


Sources for the above table:
Bleeping Computer and Recorded Future News


Vulnerabilities Discovered & Patches Released in August 2025

Date: August 04, 2025
New Flaws/Fixes: CVE-2025-21479, CVE-2025-27038
Summary: Google’s August 2025 Android security updates patch two critical Qualcomm-related vulnerabilities, both of which were under active, limited, targeted exploitation.

Date: August 05, 2025
New Flaws/Fixes: CVE-2025-24311, CVE-2025-25050, CVE-2025-25215, CVE-2025-24922, and CVE-2025-24919
Summary: Researchers at Cisco Talos discovered, and Dell later patched, five critical firmware flaws in the ControlVault3 module affecting over 100 business laptop models, which had allowed attackers to bypass Windows login, implant persistent malware surviving system reinstalls, and even tamper with biometric authentication.

Date: August 08, 2025
New Flaws/Fixes: CVE-2025-53786
Summary: CISA issued an emergency mandate in early August 2025 requiring all U.S. Federal Civilian Executive Branch agencies to urgently patch a critical hybrid Microsoft Exchange flaw, because attackers with admin access to on-premises servers could forge trusted tokens to laterally infiltrate Exchange Online and potentially compromise entire Active Directory environments.

Date: August 08, 2025
New Flaws/Fixes: CVE-2025-8088
Summary: A zero-day directory traversal vulnerability in WinRAR was actively exploited in phishing campaigns by the Russia-aligned RomCom hacking group to deploy backdoors such as SnipBot, Mythic Agent and RustyClaw via malicious archives that silently wrote executable files into Windows autorun locations.

Date: August 11, 2025
New Flaws/Fixes: CVE-2025-6543
Summary: The Dutch National Cyber Security Centre (NCSC-NL) revealed that a critical Citrix NetScaler memory-overflow flaw was exploited in zero-day attacks against multiple Dutch critical infrastructure organisations beginning in early May 2025, enabling remote code execution and the subsequent deployment of stealthy web shells while erasing traces to conceal the breaches.

Date: August 15, 2025
New Flaws/Fixes: CVE-2025-20265
Summary: Cisco disclosed a critical remote code execution vulnerability in the Secure Firewall Management Center’s RADIUS component, which exposed systems with RADIUS enabled for web or SSH access to unauthenticated attackers who could execute arbitrary root-level commands, forcing the company to release urgent security patches and mitigation guidance.

Date: August 21, 2025
New Flaws/Fixes: CVE-2018-0171
Summary: The FBI warned that a Russian state-sponsored group (the FSB’s Center 16, also known as Static Tundra/Berserk Bear) was actively exploiting a seven-year-old Cisco Smart Install vulnerability to remotely execute code on unpatched or end-of-life Cisco networking devices, enabling them to harvest and alter configuration files for long-term espionage against critical infrastructure.

Date: August 22, 2025
New Flaws/Fixes: CVE-2025-43300
Summary: CISA mandated that federal agencies urgently patch a critical zero-day out-of-bounds write flaw in Apple’s Image I/O framework, already exploited in highly sophisticated, targeted attacks, to avert arbitrary code execution across iPhones, iPads and Macs.

Date: August 26, 2025
New Flaws/Fixes: CVE-2025-48384
Summary: CISA warned that hackers were actively exploiting a critical Git vulnerability stemming from improper handling of carriage return characters in configuration files, which allowed attackers to craft malicious submodules and execute arbitrary code on systems when cloned.

Date: August 27, 2025
New Flaws/Fixes: CVE-2025-7775
Summary: Citrix was forced to address a critical remote code execution vulnerability, CVE-2025-7775, in NetScaler ADC and NetScaler Gateway, which had already been exploited in the wild across more than 28,200 vulnerable instances worldwide.

Source for the above table: Bleeping Computer, Recorded Future 
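The Git entry above (CVE-2025-48384) turns on a carriage return in a submodule path that Git's config read/write round-trip silently drops, so the submodule lands somewhere other than where .gitmodules declares. The following pre-clone audit is an added example written for this roundup, not Git's code or anything from the sources cited; it reads a raw .gitmodules and flags values carrying a CR as well as paths that escape the repository, and the three sample files are constructed.

```python
"""Defensive audit of a raw .gitmodules file (example code, not Git's own).

Git's config reader strips a trailing CR from a value and its writer does not
quote one, so a path such as "vendor/hooks\r" is read as 'vendor/hooks' after
a round trip and the submodule is checked out to an unexpected location. This
audit parses the bytes exactly as stored and reports anything of that shape.
"""
import re

SECTION_RE = re.compile(rb'^\s*\[submodule\s+"(?P<name>[^"]*)"\]\s*$')
KEY_RE = re.compile(rb'^\s*(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<value>.*)$')


def _logical_lines(raw: bytes) -> list[bytes]:
    """Split on LF only. If every non-empty line ends in CR the file simply uses
    CRLF line endings, so strip exactly one trailing CR per line; any CR that
    survives after that lives inside a value and is therefore suspicious."""
    lines = raw.split(b"\n")
    nonempty = [ln for ln in lines if ln]
    if nonempty and all(ln.endswith(b"\r") for ln in nonempty):
        lines = [ln[:-1] if ln.endswith(b"\r") else ln for ln in lines]
    return lines


def parse_gitmodules(raw: bytes) -> dict[str, dict[str, bytes]]:
    """Return {submodule name: {key: raw value}} WITHOUT unquoting or stripping
    CR, so the caller sees exactly what is on disk rather than Git's view."""
    modules: dict[str, dict[str, bytes]] = {}
    current = None
    for line in _logical_lines(raw):
        if not line.strip() or line.lstrip().startswith((b"#", b";")):
            continue  # blank or comment line
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("name").decode("utf-8", "replace")
            modules.setdefault(current, {})
            continue
        kv = KEY_RE.match(line)
        if kv and current is not None:
            modules[current][kv.group("key").decode()] = kv.group("value")
    return modules


def _unquote(value: bytes) -> bytes:
    v = value.strip()
    if len(v) >= 2 and v[:1] == b'"' and v[-1:] == b'"':
        v = v[1:-1]
    return v


def audit_gitmodules(raw: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings: list[str] = []
    for name, entries in parse_gitmodules(raw).items():
        for key, value in entries.items():
            if b"\r" in value:
                findings.append(f"{name}.{key}: carriage return inside value {value!r}")
        path = _unquote(entries.get("path", b""))
        if not path:
            findings.append(f"{name}: missing path")
            continue
        parts = path.replace(b"\\", b"/").split(b"/")
        if path.startswith((b"/", b"\\")) or (len(path) > 1 and path[1:2] == b":"):
            findings.append(f"{name}.path: absolute path {path!r}")
        if b".." in parts:
            findings.append(f"{name}.path: parent-directory traversal in {path!r}")
        if parts[0].lower() == b".git":
            findings.append(f"{name}.path: points into .git {path!r}")
    return findings


# Constructed sample inputs (not taken from any real repository).
BENIGN = (
    b'[submodule "libfoo"]\n'
    b'\tpath = vendor/libfoo\n'
    b'\turl = https://example.com/libfoo.git\n'
)
# Same content with CRLF line endings: legitimate, must not be flagged.
CRLF_FILE = BENIGN.replace(b"\n", b"\r\n")
# The CVE-2025-48384 shape: a quoted path carrying an embedded carriage return.
MALICIOUS = (
    b'[submodule "hooks"]\n'
    b'\tpath = "vendor/hooks\r"\n'
    b'\turl = https://example.com/hooks.git\n'
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("crlf", CRLF_FILE), ("malicious", MALICIOUS)):
        print(label, audit_gitmodules(blob) or "clean")
```

Running it on a repository before `git submodule update --init` gives an independent check that does not rely on Git's own (patched) parser.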


Warnings/Advisories/Reports/Analysis

News Type: Warning
Summary: The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) warned that the rapid rise of crypto ATMs—from 4,250 in early 2020 to over 30,600 by August 2025—was accompanied by surging scams and money laundering incidents (with nearly 11,000 complaints and about $246.7 million in losses reported), largely because many operators had failed to register as money services businesses and lacked anti-laundering controls.

News Type: Report
Summary: The world’s largest chipmaker, TSMC, fired two engineers and facilitated the arrest of a third suspect after internal monitoring revealed unauthorised access to sensitive 2-nanometer chip trade secrets, a case that became the first invoked under Taiwan’s National Security Act, underscoring the risks of high-stakes industrial espionage and prompting swift legal action.

News Type: Report
Summary: The National Bank of Canada experienced a widespread outage of its online and mobile banking services due to a technical issue, which disrupted access for its 2.4 million+ customers for approximately three and a half hours before normal operations were restored; officials confirmed that no cybersecurity breach was involved.

News Type: Report
Summary: Vietnamese-speaking cyber criminals deployed a Python-based malware called PXA Stealer to infect over 4,000 systems across 62 countries, harvesting and selling more than 200,000 passwords, hundreds of credit card records and over 4 million browser cookies via Telegram bot networks and Cloudflare infrastructure.

News Type: Warning
Summary: Turkish cryptocurrency exchange BTCTurk temporarily suspended deposits and withdrawals after security firms detected approximately $49 million worth of digital assets leaving its hot wallets, while assuring customers that the majority of funds held in cold storage were secure and notifying law enforcement.

News Type: Report
Summary: A North Korea-linked hacking group, believed to be Kimsuky (APT43), conducted a months-long espionage operation from March to mid-2025 targeting at least 19 foreign embassies and ministries in Seoul, disguising spear-phishing emails as diplomatic correspondence and deploying XenoRAT via password-protected ZIP attachments.

News Type: Report
Summary: Researchers at Trail of Bits crafted a stealthy AI prompt-injection attack in which hidden instructions embedded in high-resolution images became visible only after downscaling, tricking AI systems such as Google Gemini CLI, Vertex AI Studio and others into exfiltrating data (e.g., sending Google Calendar entries via Zapier) without user awareness.

News Type: Analysis
Summary: Salesloft was breached in August 2025 when threat actors tracked by Google’s Threat Intelligence Group as UNC6395 stole OAuth and refresh tokens for its Salesforce-Drift integration, which they used to infiltrate customer Salesforce environments and exfiltrate credentials such as AWS keys, passwords and Snowflake access tokens; although ShinyHunters initially claimed responsibility, no conclusive link was established.

Sources: Bleeping Computer, Recorded Future News, BloombergLaw, Databreaches.net
