The Children's Council of San Francisco has notified 12,655 individuals of a data breach that compromised names and Social Security numbers. The breach, claimed by the ransomware group SafePay, occurred on August 3, 2025.

LastPass users are being targeted by a sophisticated phishing campaign that uses spoofed security alerts to steal master passwords. The campaign involves fake email threads and display name spoofing to deceive users into revealing their credentials.

The "BadPaw" malware campaign targets Ukraine, leveraging a Ukrainian email service to enhance credibility. The attack involves a decoy document referencing a Ukrainian government border crossing appeal.

A threat actor has launched an extortion campaign targeting patrons of restaurants using the HungerRush POS platform. The attacker claims to have access to sensitive customer data and demands a response from HungerRush to prevent data exposure.

Security researchers from Huntress, Jai Minton, and Ryan Dowd, identified malicious GitHub repositories exploiting Bing AI search results to distribute information stealers and GhostSocks malware.

LexisNexis Legal & Professional confirmed a data breach where hackers accessed its AWS infrastructure via the React2Shell vulnerability. The breach resulted in the exposure of legacy data, including information related to U.S. government employees.

A sophisticated campaign has been identified where threat actors impersonate IT support to deploy the Havoc C2 framework, leading to potential data exfiltration or ransomware attacks.

CISA has added two vulnerabilities, CVE-2026-21385 and CVE-2026-22719, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively exploited and pose significant risks to federal enterprises.

A critical command injection vulnerability, CVE-2026-22719, in VMware Aria Operations has been exploited in the wild. This flaw allows unauthenticated attackers to execute arbitrary commands, potentially leading to remote code execution.

AkzoNobel, a leading paint and coatings company, has confirmed a cyberattack on one of its U.S. sites by the Anubis ransomware gang. The intrusion has been contained, and the impact is limited.