In a coordinated attack on Kenyan government digital infrastructure, multiple ministry websites—including those of Interior, Health, Education, Energy, Labor, and Water—were defaced with hate-based white supremacist messages.

Princeton University has disclosed a data breach involving its advancement database that houses personal information of donors, alumni, students, faculty, and parents. The breach occurred on November 10 and lasted less than 24 hours.

Multiple critical vulnerabilities have been identified in IBM AIX 7.2, 7.3 and IBM VIOS 3.1, 4.1. These flaws, affecting the Network Installation Manager (NIM) services and credential handling mechanisms, pose major security risks.

The Pennsylvania Office of the Attorney General (OAG) experienced a significant ransomware attack on August 9, 2025, attributed to the INC Ransom gang, a Ransomware-as-a-Service (RaaS) operation.

Under Armour has allegedly been targeted by the Everest ransomware group, which claims to have stolen 343GB of data containing sensitive customer and internal records. The attackers have made sample records available

The EchoGram attack exploits LLM guardrails designed to detect and block malicious prompts. By leveraging carefully selected “flip tokens,” it can silently override guardrail verdicts, enabling prompt injections and false positives.

A critical email spoofing vulnerability discovered in DoorDash’s Business platform enabled unauthorized actors to send branded phishing emails directly from DoorDash's official servers through the free Business account interface.

A major data breach at Chinese cybersecurity firm Knownsec has reportedly exposed over 12,000 files revealing its alleged involvement in developing and deploying state-linked cyber-espionage tools.

Akira ransomware has generated over $244 million in illicit proceeds since late September 2025, showcasing a significant evolution in its tactics and capabilities. The group has expanded its targeting scope to include Nutanix AHV environments.

A medium-severity bug (CVE-2025-10259) has been identified in Mitsubishi Electric's MELSEC iQ-F Series programmable logic controllers (PLCs). The flaw, stemming from improper validation of specified quantity in input, can be exploited remotely.