Rockrose Development, a prominent real estate developer, has notified 47,392 individuals of a data breach that occurred in July 2025. The breach, attributed to the Play ransomware group, compromised sensitive personal information.

A Chrome extension, Urban VPN Proxy, with over six million users, has been found intercepting and exfiltrating user data from AI chatbots like OpenAI ChatGPT and Microsoft Copilot.

PornHub has been targeted by the ShinyHunters extortion gang following a data breach at Mixpanel, a third-party analytics provider. The breach exposed the search and watch history of PornHub Premium members.

Askul Corporation, a major Japanese e-commerce company, suffered a ransomware attack by the RansomHouse group, resulting in the theft of approximately 740,000 customer records.

SoundCloud has confirmed a security breach affecting approximately 28 million accounts, which is 20% of its user base. The breach involved unauthorized access to a database containing user information.

A sophisticated adversary-in-the-middle (AiTM) phishing campaign has been identified, targeting Microsoft 365 and Okta users. The campaign bypasses multi-factor authentication (MFA) by hijacking legitimate single sign-on (SSO) authentication flows.

A critical out of bounds memory access vulnerability has been identified in Google Chromium, tracked as CVE-2025-14174. This vulnerability could allow remote attackers to perform unauthorized memory access via a crafted HTML page.

Fieldtex, a New York-based manufacturer, has notified 247,363 individuals of a data breach that occurred in August 2025. The breach, claimed by the ransomware group Akira, involved the theft of personal information.

PyStoreRAT is a newly identified malware targeting OSINT researchers and IT professionals through GitHub. It is distributed via fake OSINT tools and other software, leveraging AI to build trust and evade detection.

A cyberattack on the Pierce County Library System in Washington has exposed the personal information of over 340,000 individuals. The breach, attributed to the INC ransomware gang, forced the library system to shut down all its systems.