A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS), identified as CVE-2025-27915, has been exploited in targeted attacks using weaponized iCalendar files. This stored cross-site scripting (XSS) flaw allows attackers to steal sensitive data from victims' email accounts.
Collins Aerospace has been targeted by a ransomware attack involving HardBit, causing significant disruptions at major airports across Europe. The attack has led to delays and cancellations, with over a thousand computers reportedly impacted.
Automaker Stellantis has confirmed a data breach that compromised customer contact details through a third-party platform. The breach is linked to the ShinyHunters group, which has targeted multiple Salesforce clients this year.
A recent Yubico survey highlights that nearly half of respondents interacted with phishing emails in the past year, with Gen Z being the most vulnerable demographic. Despite recognizing the insecurity of passwords, many users and organizations still lack adequate protective measures.
The Trinity of Chaos ransomware collective has launched a Data Leak Site on the TOR network, exposing data from 39 companies, including major firms like Google and Cisco. This incident highlights vulnerabilities in Salesforce and the ongoing threat posed by this group, which is linked to Lapsus$ and ShinyHunters.
Discord has reported a data breach affecting a limited number of users after a third-party customer service provider was compromised. Exposed data includes real names, email addresses, and limited billing details, though full credit card numbers and passwords were not accessed.
The cybersecurity landscape is shifting from endless vulnerability management to proactive, automated remediation. This change aims to alleviate alert fatigue and enhance security resilience through innovative approaches in software development.
Japanese beer giant Asahi has confirmed a ransomware attack that has led to significant IT disruptions, forcing the company to shut down factories in Japan. The attack has also resulted in evidence of data theft from compromised devices.
WestJet has disclosed a data breach affecting 1.2 million customers due to a cyber-attack in June 2025. Personal information, including names and contact details, was accessed, although sensitive data such as credit card numbers and passwords remain secure.
Microsoft is updating Outlook to stop displaying inline SVG images in an effort to mitigate security risks associated with phishing and malware. While SVG attachments will still be supported, the change aims to reduce the potential for cross-site scripting (XSS) attacks.
A newly patched VMware vulnerability, tracked as CVE-2025-41244, has been exploited as a zero-day for code execution with elevated privileges. The flaw affects VMware Aria Operations and VMware Tools, allowing attackers to escalate privileges to root on managed VMs.
Unity has revealed a significant security vulnerability affecting games built with its development tool since 2017, urging developers to update immediately. While there is no evidence of exploitation, fixes are available, and platform partners like Valve and Microsoft have implemented mitigations.
ParkMobile has concluded a class action lawsuit related to its 2021 data breach that compromised the data of 22 million users. Affected individuals will receive a $1 in-app credit, which must be claimed manually and has an expiration date.
A recent government survey reveals that six out of ten UK secondary schools have experienced a cyber-attack or breach in the past year, with further education colleges and universities facing even higher rates. Analysts attribute the vulnerability of state schools to funding pressures and a lack of specialist cybersecurity expertise.
A zero-day vulnerability in Zimbra Collaboration Suite (ZCS) has been exploited by hackers using malicious iCalendar files. The flaw, identified as CVE-2025-27915, allows attackers to execute arbitrary JavaScript and steal sensitive data from Zimbra Webmail.
