The Shinhan Card data breach has exposed the personal information of approximately 192,000 card merchants. This incident highlights the risks associated with internal misconduct within financial institutions.

A critical security flaw in Somalia's e-visa system has been identified, exposing sensitive personal data of travelers. This vulnerability allows unauthorized access to passport details, full names, and birth dates.

Coupang, a leading South Korean e-commerce platform, has experienced a massive data breach affecting nearly 34 million customers. This incident is one of the largest cybersecurity breaches in South Korea in recent years.

A data breach at Mixpanel—a third-party analytics vendor used by OpenAI—has led to the exposure of limited identifiable information belonging to some OpenAI API users. The breach was exclusively attributed to Mixpanel.

A threat actor known as Dark Storm, a pro-Russian hacktivist collective, has escalated its cyber disruption campaigns across Europe and Russia, increasingly targeting government institutions and critical infrastructure.

Multiple critical vulnerabilities have been identified in IBM AIX 7.2, 7.3 and IBM VIOS 3.1, 4.1. These flaws, affecting the Network Installation Manager (NIM) services and credential handling mechanisms, pose major security risks.

A significant rise in cyberattacks is impacting the Asia-Pacific (APAC) region, particularly in Australia and neighboring nations. Threat actors are exploiting vulnerabilities in SonicWall VPNs (CVE-2024-40766), targeting Microsoft 365 accounts.

Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations.

A new Android malware campaign, GhostBat RAT, is actively targeting Indian users by impersonating the legitimate mParivahan app. This malware is designed to steal financial data, mine cryptocurrency, and exfiltrate SMS messages.

A critical vulnerability (CVE-2025-4389) in the Crawlomatic Multisite Scraper Post Generator WordPress plugin allows unauthenticated attackers to upload arbitrary files, leading to remote code execution.