28th July – Threat Intelligence Report - Check Point Research For the latest discoveries in cyber research for the week of 28th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The US Energy Department, including its National Nucl...

28th July – Threat Intelligence Report research.checkpoint.com/2025/28th-ju...

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted Surge in scanning activity targets MOVEit Transfer systems, raising concerns over possible exploitation.

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted thehackernews.com/2025/06/move...

BeyondTrust warns of pre-auth RCE in Remote Support software BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code ex...

BeyondTrust warns of pre-auth RCE in Remote Support software www.bleepingcomputer.com/news/securit...

Asana warns MCP AI feature exposed customer data to other orgs Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users a...

Asana warns MCP AI feature exposed customer data to other orgs www.bleepingcomputer.com/news/securit...

Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. We’ve spent a bit of time...

Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform labs.watchtowr.com/is-b-for-bac...

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market.

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report www.securityweek.com/googles-32-b...

Washington Post's email system hacked, journalists' accounts compromised Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government.

Washington Post's email system hacked, journalists' accounts compromised www.bleepingcomputer.com/news/securit...

High-Severity Vulnerabilities Patched in Tenable Nessus Agent Three high-severity Tenable Agent vulnerabilities could allow users to overwrite and delete files, or execute arbitrary code.

High-Severity Vulnerabilities Patched in Tenable Nessus Agent www.securityweek.com/high-severit...

CISA Releases Ten Industrial Control Systems Advisories www.cisa.gov/news-events/...

GitLab patches high severity account takeover, missing auth issues GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in futur...

GitLab patches high severity account takeover, missing auth issues www.bleepingcomputer.com/news/securit...

'Major compromise' at NHS temping arm never disclosed Exclusive: Incident responders suggested sweeping improvements following Active Directory database heist

'Major compromise' at NHS temping arm exposed gaping security holes go.theregister.com/feed/www.the...

Ivanti Workspace Control hardcoded key flaws expose SQL credentials Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution.

Ivanti Workspace Control hardcoded key flaws expose SQL credentials www.bleepingcomputer.com/news/securit...

OpenAI working to fix ChatGPT outage affecting users worldwide OpenAI is working to fix an ongoing outage impacting ChatGPT users worldwide and preventing them from accessing the chatbot on the web or via mobile and desktop apps.

OpenAI working to fix ChatGPT outage affecting users worldwide www.bleepingcomputer.com/news/technol...

Update: Dumping Entra Connect Sync Credentials Recently, Microsoft changed the way the Entra Connect Connect Sync agent authenticates to Entra ID. These changes affect attacker tradecraft, as we can no longer export the sync account credentials…

Update: Dumping Entra Connect Sync Credentials posts.specterops.io/update-dumpi...

Supply chain attack hits Gluestack NPM packages with 960K weekly downloads A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

Supply chain attack hits Gluestack NPM packages with 960K weekly downloads www.bleepingcomputer.com/news/securit...

Crims breached 100k UK tax accounts to steal £43M from HMRC : It’s definitely not a cyberattack though! Really!

HMRC: Crooks broke into 100k accounts, stole £43M from British taxpayer in late 2024 go.theregister.com/feed/www.the...

US offers $10M for tips on state hackers tied to RedLine malware The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected cr...

US offers $10M for tips on state hackers tied to RedLine malware www.bleepingcomputer.com/news/securit...

Vodafone Germany Fined $51 Million Over Privacy, Security Failures Germany fined Vodafone $51 million for failing to protect user data from partners and unauthorized third-parties.

Vodafone Germany Fined $51 Million Over Privacy, Security Failures www.securityweek.com/vodafone-ger...

Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs hackread.com/hackers-leak...

Sleeper Sound: LayerX Uncovers Malicious “Sleeper” Sound Management Extensions with Nearly 1.5 Million Users Worldwide - LayerX LayerX has unearthed network of malicious “sleeper agent” extensions that appear to serve as infrastructure for future malicious activity, currently installed on nearly 1.5 million users worldwide.   ...

Sleeper Sound: LayerX Uncovers Malicious “Sleeper” Sound Management Extensions with Nearly 1.5 Million Users Worldwide layerxsecurity.com/blog/sleeper...

Vulnerability leaks Vanta customer info TechCrunch reports that leading trust management platform Vanta had private information from less than 4% of its over 10,000 clients inadvertently exposed to other customers due to a product code chan...

Vulnerability leaks Vanta customer info www.scworld.com/brief/vulner...

Police takes down AVCheck site used by cybercriminals to scan malware An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in th...

Police takes down AVCheck site used by cybercriminals to scan malware www.bleepingcomputer.com/news/securit...

Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale hackread.com/threat-actor...

Adidas confirms data swiped from customer service provider : Hackers take personal data bytes from the brand with three stripes

Adidas confirms criminals stole data from customer service provider go.theregister.com/feed/www.the...

Alleged AT&T breach compromises 31M records AT&T had a database purportedly including 31 million sensitive user records exposed on a popular hacking forum, reports Cybernews.

Alleged AT&T breach compromises 31M records www.scworld.com/brief/allege...

M&S warns of £300M dent in profits from cyberattack : Downtime stings retailer, with technical recovery costs coming at a later date

M&S warns of £300M dent in profits from cyberattack go.theregister.com/feed/www.the...

SK Telecom says malware breach lasted 3 years, impacted 27 million numbers SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers.

SK Telecom says malware breach lasted 3 years, impacted 27 million numbers www.bleepingcomputer.com/news/securit...

Coinbase Extorted, Offers $20M for Info on Its Hackers Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto- and blockchain-targeting cyberattacks.

Coinbase Extorted, Offers $20M for Info on Its Hackers www.darkreading.com/cyberattacks...

The Epoch Times purportedly hacked, 32M records exposed International far-right media outlet The Epoch Times was reported by SafetyDetectives cybersecurity experts to have a database of 32 million records allegedly stolen from its systems leaked online, ac...

The Epoch Times purportedly hacked, 32M records exposed www.scworld.com/brief/the-ep...

Broadcom data stolen in payroll provider ransomware raid EXCLUSIVE: The tech biz was in the process of dropping the payroll company as it learned of the breach

Broadcom employee data stolen by ransomware crooks following hit on payroll provider go.theregister.com/feed/www.the...