As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware. [...]

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. [...]

Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. [...]

Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. [...]

An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. [...]

Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. Learn from tenfold why Modern IGA solutions deliver faster out-of-the-box integrations, streamlined governance, and built-in compliance. [...]

A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. [...]

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. [...]

Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. [...]

Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. [...]

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. [...]

The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users' emails without their consent. [...]

The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin. [...]

Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America. [...]

Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. [...]

Threat actors are using Grok, X's built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. [...]

The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. [...]

Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. [...]