Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. [...]

Security teams are drowning in threat intel — but AI is changing that. AI-powered Breach and Attack Simulation turns new threats into real, testable scenarios in minutes — delivering proof that your defenses work, not just assumptions. Join the BAS Summit 2025 to see how AI redefines security validation. [...]

This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems. [...]

Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site. [...]

A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. [...]

A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools, announced a total prize pool of $4.5 million in bug bounties for researchers that submit exploits for various targets. [...]

The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. [...]

AI is transforming cybersecurity—from detecting phishing and insider threats to accelerating response. See how Waziuh, the open-source XDR and SIEM, integrates AI to turn raw security data into actionable insights and smarter threat hunting. [...]

A code execution vulnerability in the Unity game engine could be exploited to achieve code execution on Android and privilege escalation on Windows. [...]

New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year. [...]

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

Researchers monitoring for larger.ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. [...]

ParkMobile has finally wrapped up a class action lawsuit over the platform's 2021 data breach that hit 22 million users. But there's a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date. [...]

Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing threats. [...]

Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was compromised following a data breach at a third-party provider. [...]

Japanese beer-making giant Asahi has disclosed today that a ransomware attack caused the IT disruptions that forced it to shut down factories this week. [...]

An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. [...]

A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. [...]

Boards want answers on AI: Where is it used? What risks does it create? How is it governed? Keep Aware released a free template to help CISOs present GenAI adoption, risk, exposure & controls clearly to leadership. [...]

Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. [...]

Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. [...]

Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. [...]

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code. [...]

Bug bounty platform HackerOne announced that it paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months. [...]

A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. [...]