KLM Royal Dutch Airlines has confirmed a data breach involving a third-party system that exposed customer data from previous interactions with its customer service team. Affected users, including frequent flyers, were notified via email.

Security researchers have demonstrated a groundbreaking indirect prompt injection attack against Google’s Gemini AI, showing how malicious calendar invites can trigger real-world actions in smart homes.

Researchers have disclosed multiple vulnerabilities across WWBN AVideo, MedDream PACS Premium, and Eclipse ThreadX FileX. These include cross-site scripting (XSS), race conditions, privilege escalation, and buffer overflow issues.

UAC-0099, a threat actor group, is actively targeting Ukrainian defense and government entities using a sophisticated malware delivery chain. The campaign leverages phishing emails with double-archived HTA files to deploy the MATCHBOIL loader.

Ridgefield Public Schools (RPS) in Connecticut was targeted by the ransomware group SafePay on July 24, 2025. SafePay demanded a ransom and threatened to leak 90 GB of stolen data if unpaid.

A new wave of sophisticated EDR killer tools, often packed with HeartCrypt, is being deployed by multiple ransomware groups to disable endpoint defenses and facilitate ransomware execution.

Researchers identified eight operational infrastructure clusters associated with Candiru’s DevilsTongue spyware, a Windows-based surveillance tool. Five of these clusters are currently active, with confirmed links to Hungary and Saudi Arabia.

PBS has confirmed a data breach involving the exposure of sensitive corporate contact information for nearly 4,000 employees and affiliates. The leaked data has been circulating on Discord servers frequented by fans of PBS Kids.

A critical vulnerability in the AI-powered code editor Cursor, identified as “MCPoison,” allows persistent remote code execution through manipulation of the Model Context Protocol (MCP) configuration.