A data breach at Pajemploi, a French public social service facilitating payroll for parents employing in-home caregivers, has compromised the private data of approximately 1.2 million registered childcare workers.

The Congressional Budget Office (CBO) has confirmed the successful expulsion of threat actors from its email systems following a previously disclosed cyberattack that targeted the agency’s internal communications.

British lawmakers have been warned of a growing espionage campaign spearheaded by China’s Ministry of State Security (MSS), which leverages LinkedIn as a vector to target members of Parliament and policy influencers.

A sophisticated cyberattack employing the emerging modular post-exploitation framework Tuoni targeted a major US real estate firm. The attack began with a well-executed social engineering campaign leveraging Microsoft Teams impersonation.

In a coordinated attack on Kenyan government digital infrastructure, multiple ministry websites—including those of Interior, Health, Education, Energy, Labor, and Water—were defaced with hate-based white supremacist messages.

Princeton University has disclosed a data breach involving its advancement database that houses personal information of donors, alumni, students, faculty, and parents. The breach occurred on November 10 and lasted less than 24 hours.

Multiple critical vulnerabilities have been identified in IBM AIX 7.2, 7.3 and IBM VIOS 3.1, 4.1. These flaws, affecting the Network Installation Manager (NIM) services and credential handling mechanisms, pose major security risks.

The Pennsylvania Office of the Attorney General (OAG) experienced a significant ransomware attack on August 9, 2025, attributed to the INC Ransom gang, a Ransomware-as-a-Service (RaaS) operation.

Under Armour has allegedly been targeted by the Everest ransomware group, which claims to have stolen 343GB of data containing sensitive customer and internal records. The attackers have made sample records available

The EchoGram attack exploits LLM guardrails designed to detect and block malicious prompts. By leveraging carefully selected “flip tokens,” it can silently override guardrail verdicts, enabling prompt injections and false positives.