Multiple critical vulnerabilities have been identified in the FreePBX platform, including SQL injection, arbitrary file upload, and an authentication bypass flaw. These vulnerabilities can lead to remote code execution (RCE) if exploited.

Rockrose Development, a prominent real estate developer, has notified 47,392 individuals of a data breach that occurred in July 2025. The breach, attributed to the Play ransomware group, compromised sensitive personal information.

A Chrome extension, Urban VPN Proxy, with over six million users, has been found intercepting and exfiltrating user data from AI chatbots like OpenAI ChatGPT and Microsoft Copilot.

PornHub has been targeted by the ShinyHunters extortion gang following a data breach at Mixpanel, a third-party analytics provider. The breach exposed the search and watch history of PornHub Premium members.

Askul Corporation, a major Japanese e-commerce company, suffered a ransomware attack by the RansomHouse group, resulting in the theft of approximately 740,000 customer records.

SoundCloud has confirmed a security breach affecting approximately 28 million accounts, which is 20% of its user base. The breach involved unauthorized access to a database containing user information.

A sophisticated adversary-in-the-middle (AiTM) phishing campaign has been identified, targeting Microsoft 365 and Okta users. The campaign bypasses multi-factor authentication (MFA) by hijacking legitimate single sign-on (SSO) authentication flows.

A critical out of bounds memory access vulnerability has been identified in Google Chromium, tracked as CVE-2025-14174. This vulnerability could allow remote attackers to perform unauthorized memory access via a crafted HTML page.

Fieldtex, a New York-based manufacturer, has notified 247,363 individuals of a data breach that occurred in August 2025. The breach, claimed by the ransomware group Akira, involved the theft of personal information.

PyStoreRAT is a newly identified malware targeting OSINT researchers and IT professionals through GitHub. It is distributed via fake OSINT tools and other software, leveraging AI to build trust and evade detection.