cyber

Telstra Denies Cyberattack Claims Amidst Ransom Threats from Scattered Spider

A threat actor group identifying as Scattered Lapsus$ Hunters claimed responsibility for a massive data breach involving Australian telecom giant Telstra. The group claims to have exfiltrated over 100GB of PII.

Salesforce refuses to submit to extortion demands linked to hacking campaigns

Salesforce has confirmed it will not comply with extortion demands following a series of cyberattacks attributed to a threat group linked to Scattered Spider, Lapsus$, and ShinyHunters.

GitLab security advisory (AV25-650)

GitLab issued a security advisory (AV25-650) addressing multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities affect versions prior to 18.4.2, 18.3.4, and 18.2.8.

Western Sydney University Targeted in Widespread Email Scam Causing Student Distress

Western Sydney University has been targeted in a widespread phishing scam involving fraudulent emails sent to students and alumni. These emails falsely claimed that recipients’ degrees had been revoked.

[Control systems] ABB security advisory (AV25-648)

ABB has disclosed a high-severity vulnerability (CVE-2021-22291) affecting its EIBPORT V3 KNX and EIBPORT V3 KNX GSM products. The vulnerability, rated with a CVSS score of 8.5, involves improper input neutralization during web page generation.

Critical CVE-2025-27237 Vulnerability in Zabbix Agent for Windows Enables Privilege Escalation via OpenSSL Misconfiguration

A critical vulnerability, tracked as CVE-2025-27237, has been identified in Zabbix Agent and Agent2 for Windows. This flaw allows local users to escalate privileges to SYSTEM level by exploiting insecure OpenSSL configuration file handling.

Oracle customers being bombarded with emails claiming widespread data theft

A widespread extortion campaign is targeting Oracle customers with emails claiming data theft from Oracle’s E-Business Suite. The emails are allegedly linked to the Clop ransomware group.

Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework

Researchers have uncovered a novel technique to bypass Address Space Layout Randomization (ASLR) in Apple devices by exploiting deterministic behaviors in the NSKeyedArchiver and NSKeyedUnarchiver serialization frameworks.

GitLab security advisory (AV25-620)

Flaws have been identified in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting versions prior to 18.4.1, 18.3.3, and 18.2.7. GitLab has released a security advisory and corresponding patch updates to address these issues.

Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules

The report focuses on DOGE’s activities at the General Services Administration (GSA), Office of Personnel Management (OPM), and Social Security Administration (SSA), revealing multiple instances of potential cybersecurity violations.
