A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS), identified as CVE-2025-27915, has been exploited in targeted attacks using weaponized iCalendar files. This stored cross-site scripting (XSS) flaw allows attackers to steal sensitive data from victims' email accounts.

Automaker Stellantis has confirmed a data breach that compromised customer contact details through a third-party platform. The breach is linked to the ShinyHunters group, which has targeted multiple Salesforce clients this year.

A recent Yubico survey highlights that nearly half of respondents interacted with phishing emails in the past year, with Gen Z being the most vulnerable demographic. Despite recognizing the insecurity of passwords, many users and organizations still lack adequate protective measures.

Discord has reported a data breach affecting a limited number of users after a third-party customer service provider was compromised. Exposed data includes real names, email addresses, and limited billing details, though full credit card numbers and passwords were not accessed.

The cybersecurity landscape is shifting from endless vulnerability management to proactive, automated remediation. This change aims to alleviate alert fatigue and enhance security resilience through innovative approaches in software development.

WestJet has disclosed a data breach affecting 1.2 million customers due to a cyber-attack in June 2025. Personal information, including names and contact details, was accessed, although sensitive data such as credit card numbers and passwords remain secure.

ParkMobile has concluded a class action lawsuit related to its 2021 data breach that compromised the data of 22 million users. Affected individuals will receive a $1 in-app credit, which must be claimed manually and has an expiration date.

A recent government survey reveals that six out of ten UK secondary schools have experienced a cyber-attack or breach in the past year, with further education colleges and universities facing even higher rates. Analysts attribute the vulnerability of state schools to funding pressures and a lack of specialist cybersecurity expertise.

Joe Tidy, a BBC cybersecurity journalist, was approached by the Medusa ransomware gang, who offered him a cut of ransom payments in exchange for insider access to the BBC's systems. This incident highlights the growing trend of bribery-based attacks targeting employees within organizations.

Jaguar Land Rover was targeted in a cyber-attack that forced the company to shut down computers and factories, raising concerns about the preparedness of British businesses against such threats. The attack has had a devastating impact on JLR's supply chain, leading to layoffs and financial strain on smaller suppliers.