A critical data breach at The Washington Post has compromised sensitive personal and financial information of 9,720 employees and contractors. The breach was facilitated through a zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61884).

DoorDash has disclosed a data breach, involving unauthorized access to user data through a social engineering attack. Notification emails began reaching affected users the evening before the public disclosure, primarily targeting users in Canada.

Two critical bugs in Cisco ASA and FTD firewalls—CVE-2025-20362 and CVE-2025-20333—are being actively exploited in the wild. Initially used for remote code execution and unauthorized access, these flaws are now also being leveraged in DoS attacks.

The U.S. Congressional Budget Office (CBO) has confirmed a cybersecurity incident involving unauthorized access to its network, suspected to be the work of a foreign threat actor.

A malicious Visual Studio Code extension named susvsex, published by suspublisher18, was discovered on the official VS Code marketplace. The extension exhibited ransomware-like behavior.

The University of Pennsylvania has confirmed a significant data breach involving the compromise of internal systems related to development and alumni activities. The breach resulted in the theft of sensitive donor data and internal documents.

Gootloader, a JavaScript-based malware loader, has resumed operations after a 7-month hiatus. The malware is being distributed through SEO poisoning campaigns that promote fake websites offering free legal document templates.

Hyundai AutoEver America (HAEA) has disclosed a data breach involving unauthorized access to its IT environment. The breach affected HAEA’s internal systems, potentially compromising the personal data of individuals associated with the company.

A recent data breach at Japanese media conglomerate Nikkei has compromised the personal information of 17,368 individuals, including employees and business partners, following unauthorized access to its Slack messaging platform.

A significant data breach at Swedish IT systems supplier Miljödata has compromised the personal data of approximately 1.5 million individuals. The breach is attributed to the threat actor Datacarry.