A major security lapse in TeleMessage, a Signal clone used by U.S. government officials, has led to the exposure of 410GB of sensitive communications. Over 780 CBP officer emails were compromised.

Researchers revealed critical vulnerabilities in satellite and ground station software that could allow attackers to hijack or disable space assets. Exploitation of these bugs could allow attackers to take full control of satellite systems and more.

Google has confirmed a data breach involving one of its Salesforce instances, attributed to the threat actor group UNC6040, linked to the notorious ShinyHunters. The attackers accessed contact information and related notes of SMB customers.

A critical vulnerability in the AI-powered code editor Cursor, identified as “MCPoison,” allows persistent remote code execution through manipulation of the Model Context Protocol (MCP) configuration.

Microsoft Recall continues to capture sensitive data such as credit card numbers and passwords despite built-in filters. Although Microsoft labels Recall as a "preview" app, it is actively pushed during the Windows Out-of-Box Experience (OOBE).

A data breach at a Florida prison has exposed the personal contact information of prison visitors to all inmates, raising significant concerns about potential extortion, harassment, and physical threats to both inmates and their families.

Microsoft has confirmed that the Russian state-sponsored threat group Secret Blizzard (aka Turla, VENOMOUS BEAR) is conducting cyber-espionage operations against foreign embassies in Moscow by exploiting local ISPs.

The SafePay ransomware group posted Ingram Micro to its leak blog on July 29, saying it intends to release 3.5 TB of company data on August 1. Ingram Micro experienced a multi-day outage due to the ransomware attack.

Russia’s largest airline, Aeroflot, experienced a major IT disruption on July 28, 2025, resulting in the cancellation of 49 flights (42 initially, with 7 more added later) and delays ranging from 25 minutes to nearly three hours.

Qdos, a UK-based business insurance and employment status specialist serving tech contractors, has confirmed a data breach involving unauthorized access to one of its web applications, mygoqdos.com.