Between late 2024 and early 2025, the percentage of customers affected by security incidents nearly tripled, rising from 6% to 17%. Over half of these incidents began at the initial access stage.

The Royal and BlackSuit ransomware gangs, believed to be successors of the Conti syndicate, have compromised over 450 U.S. organizations since 2022, collecting more than $370 million in ransom payments.

The Australian Information Commissioner (AIC) has initiated civil proceedings against telecommunications provider Optus over a 2022 data breach that compromised the personal information of 9.5 million Australians.

Findings indicate that Siri and related services may transmit sensitive user data to Apple servers beyond what is disclosed in Apple’s privacy policies, raising questions about user consent, data handling transparency, and more.

Columbia University has disclosed a significant data breach that compromised the sensitive information of 868,969 individuals, including current and former students, employees, applicants, and their family members.

A new malware campaign involving the Efimer Trojan has been observed targeting cryptocurrency users and WordPress site administrators. Efimer is a ClipBanker-type Trojan that steals and replaces cryptocurrency wallet addresses.

On August 8, 2025, Juniper Networks issued Security Advisory AV25-491 to address multiple vulnerabilities in Juniper Secure Analytics (JSA). These vulnerabilities affect versions 7.5.0 up to but not including 7.5.0 UP12 IF03.

ScarCruft, a North Korean state-sponsored cyber-espionage group, has taken the unusual step of deploying a new ransomware named VCD in its latest campaign. ScarCruft used phishing emails with malicious archive attachments to gain initial access.

The US federal judiciary issued a statement confirming that its electronic case management system had been compromised in a cyberattack. The judiciary is implementing enhanced cybersecurity measures to protect sensitive legal documents and case data.

Bouygues Telecom, France’s third-largest mobile operator, has confirmed a significant cyberattack that compromised the personal data of approximately 6.4 million customer accounts.