Uzbekistan's nationwide license plate surveillance system has been exposed to the internet without a password. This lapse reveals the real-time locations of surveillance cameras and millions of photos and videos of vehicles.

A sophisticated adversary-in-the-middle (AiTM) phishing campaign has been identified, targeting Microsoft 365 and Okta users. The campaign bypasses multi-factor authentication (MFA) by hijacking legitimate single sign-on (SSO) authentication flows.

Petco's Vetco Clinics website experienced a significant data breach, exposing sensitive customer and pet information. This breach marks the third data breach for Petco in 2025.

Three London borough councils—Kensington and Chelsea, Westminster, and Hammersmith & Fulham—have been targeted in a coordinated cyberattack, leading to widespread disruption of core public services and operational systems.

The accused allegedly acted as affiliates of the ALPHV ransomware group, targeting at least 5 US-based companies - a Florida-based medical device manufacturer, a Virginia-based drone maker, and a Maryland-headquartered pharmaceutical company.

The FTC has been urged to investigate Flock Safety for failing to enforce adequate cybersecurity measures. Lawmakers raised concerns that stolen police credentials are enabling unauthorized access to Flock’s surveillance camera network.

Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping.

A critical privacy vulnerability was discovered in the Partiful event planning app, where GPS metadata embedded in user-uploaded images—including public profile photos—was not stripped upon upload.

The call-recording app Neon has been taken offline after a severe security flaw exposed users’ phone numbers, call recordings, transcripts, and metadata. The app failed to secure backend server responses.

A data exposure incident compromised over 273,000 bank transfer documents in India. The breach stemmed from an unsecured Amazon-hosted cloud server, revealing personal and financial information linked to at least 38 banks and financial institutions.