Kearney Public Schools (KPS) is fighting with a cybersecurity incident that has disrupted its entire technology network, affecting phones, computers, and other digital systems across the district.

A threat actor group identifying as Scattered Lapsus$ Hunters claimed responsibility for a massive data breach involving Australian telecom giant Telstra. The group claims to have exfiltrated over 100GB of PII.

Western Sydney University has been targeted in a widespread phishing scam involving fraudulent emails sent to students and alumni. These emails falsely claimed that recipients’ degrees had been revoked.

A critical vulnerability, tracked as CVE-2025-27237, has been identified in Zabbix Agent and Agent2 for Windows. This flaw allows local users to escalate privileges to SYSTEM level by exploiting insecure OpenSSL configuration file handling.

Researchers have uncovered a novel technique to bypass Address Space Layout Randomization (ASLR) in Apple devices by exploiting deterministic behaviors in the NSKeyedArchiver and NSKeyedUnarchiver serialization frameworks.

Researchers have identified 22 vulnerabilities currently under active exploitation, with 12 detected via honeypot sensors and 10 exploited by ransomware groups. Notably, nine of these vulnerabilities are not listed in CISA’s KEV catalog.

The ransomware group Qilin emerged as the most dominant threat actor in August, claiming responsibility for 104 attacks during the month alone. Since April, Qilin has amassed a total of 398 victims, placing it more than 70% ahead of Akira.

APT28 (aka Fancy Bear, Sofacy, Sednit) has launched a sophisticated cyber-espionage campaign dubbed "Phantom Net Voxel," combining steganography, cloud-based command-and-control (C2), and modular implants.

A sophisticated cyberattack campaign attributed to APT28 (Fancy Bear), a Russian GRU-linked threat actor, has targeted Ukrainian government systems. The campaign deployed two novel malware strains—BEARDSHELL and SLIMAGENT.

Hewlett Packard Enterprise (HPE) has disclosed eight vulnerabilities in its StoreOnce data backup and deduplication platform, with the most critical being CVE-2025-37093. This authentication bypass flaw carries a CVSS score of 9.8.