Latest Cybersecurity News and Articles

Capita Fined £14m After 2023 Breach that Hit 6.6 Million People

Capita has been fined £14 million following a major data breach in 2023 that compromised the personal data of approximately 6.6 million individuals. The breach was attributed to the Black Basta ransomware group.

Chinese hackers abuse geo-mapping tool for year-long persistence

Chinese APT group Flax Typhoon exploited ArcGIS Server's Server Object Extension (SOE) to maintain undetected access in a target network for over a year. The attackers used valid admin credentials to deploy a malicious Java SOE.

Known Exploited Vulnerabilities Catalog

A high-severity vulnerability, CVE-2025-6264, was spotted in Rapid7's Velociraptor tool. This flaw stems from incorrect default permissions that allow users with specific roles to execute arbitrary commands and potentially take over endpoints.

338 Malicious npm Packages Linked to North Korean Hackers

North Korean state-sponsored actors launched a large-scale supply chain attack campaign, Contagious Interview, targeting blockchain and cryptocurrency developers. The attackers distributed 338 malicious npm packages, downloaded over 50,000 times.

CISA Releases One Industrial Control Systems Advisory

CISA has released a new Industrial Control Systems (ICS) advisory, ICSA-25-287-01, addressing a vulnerability in Rockwell Automation's 1715 EtherNet/IP Comms Module. This is part of a regular release of Industrial Control Systems (ICS) advisories.

Privilege Escalation Vulnerability in Microsoft Windows Agere Modem Driver (CVE-2025-24990)

A critical vulnerability identified as CVE-2025-24990 affects the Agere Modem Driver in Microsoft Windows. This untrusted pointer dereference flaw enables local attackers to escalate privileges and gain administrator access.

VMware security advisory (AV25-665)

VMware released a security advisory addressing critical vulnerabilities in VMware Tanzu for MySQL on Kubernetes. These bugs affect versions prior to 2.0.0. The vulnerabilities could expose organizations to significant security risk.

SEO Poisoning Targets Ivanti VPN: Credential Theft Alert

A new SEO poisoning campaign is targeting users searching for Ivanti Pulse Secure VPN software, redirecting them to attacker-controlled sites hosting a trojanized installer. The malware steals VPN credentials and exfiltrates them to a C2 server.

Researchers warn of widespread RDP attacks by 100K-node botnet

A coordinated botnet campaign involving over 100,000 IP addresses from more than 100 countries has been targeting Microsoft Remote Desktop Protocol (RDP) services in the United States. The campaign began on October 8, 2025.

Invoicely Data Leak Exposes 178K Customer Records

In October 2025, researchers discovered an unprotected Amazon S3 bucket linked to Invoicely, a Vienna-based SaaS invoicing platform. The misconfigured bucket exposed 178,519 sensitive documents.
