Risk
-
Breach of RemoteCOM surveillance service exposes records of nearly 14,000 monitored people
A breach of RemoteCOM’s SCOUT monitoring system exposed nearly 14,000 records of people under court supervision and contact details for thousands of officers, with leaked files showing device monitoring data, activity alerts and fees for monitored individuals.
-
Researchers disclose three now-patched vulnerabilities in Google’s Gemini AI
Researchers disclosed three patched vulnerabilities in Google’s Gemini AI that could have exposed users to privacy risks, affecting Cloud Assist, the Search Personalization model and the Browsing Tool, Tenable said; Google has applied mitigations.
-
CISA to end cooperative agreement and federal funding for Center for Internet Security
CISA said it will end its cooperative agreement with the Center for Internet Security on Sept. 30, 2025, ceasing federal funding for programs such as the MS-ISAC. CIS said it will shift MS-ISAC to a fee-based model after federal cuts, and officials warned the move could affect threat-sharing and election security.
-
Asahi suspends Japan operations after cyberattack
Asahi Group Holdings said a cyberattack has forced a halt to ordering, shipping and customer service operations in Japan; the company is investigating and said there is no confirmed data leakage so far but gave no recovery timeline.
-
Phishing campaign impersonates Ukrainian police to deliver data stealer and cryptominer
FortiGuard Labs reported a fileless phishing campaign impersonating Ukraine’s National Police that uses malicious SVG attachments to deliver Amatera Stealer and PureMiner, harvesting credentials and installing a cryptominer on Windows systems.
-
Chinese state-sponsored group RedNovember exploited enterprise network gear in global campaign, researchers say
Recorded Future says a Chinese state-sponsored group called RedNovember ran a global espionage campaign from June 2024 to July 2025, exploiting vulnerabilities in enterprise network appliances to breach defense contractors, government agencies and other organizations and using publicly available tools to maintain persistent access.
-
Researchers find malicious ‘postmark-mcp’ npm package that forwarded emails to attacker
Researchers say a malicious npm package named “postmark-mcp” copied an official library and, beginning with version 1.0.16, BCC’d every email to an external address, exposing potentially sensitive communications; the package has been removed from npm and users are urged to revoke credentials and check logs.
-
Akira campaign bypasses OTP MFA on SonicWall VPNs, researchers say
Researchers report the Akira ransomware group has successfully logged into SonicWall SSL VPN accounts protected by OTP MFA, possibly using previously stolen OTP seeds. Vendors including SonicWall and Arctic Wolf advise installing updates and resetting VPN credentials while investigations continue.
-
Fake Microsoft Teams installers promoted in search ads deliver Oyster backdoor, researchers say
Search ads and SEO poisoning have been used to promote fake Microsoft Teams installers that deliver the Oyster backdoor to Windows machines, researchers said; the trojanized installer drops a DLL and creates a scheduled task for persistence.
-
Volvo North America confirms employee data exposure after Miljödata ransomware attack
Volvo North America confirmed that attackers accessed employee data after its HR-system provider Miljödata was hit by a ransomware attack, exposing names and Social Security numbers and affecting a wide network of Swedish municipalities and institutions.
