A new supply chain attack called GhostAction has compromised 817 GitHub repositories, stealing at least 3,325 secrets including npm, PyPI, and DockerHub tokens. Researchers at GitGuardian linked the incident to malicious commits designed to harvest CI/CD credentials from open-source projects. How the Attack Started On September 2, 2025, a GitHub…
Google has released its September 2025 Android security update, patching 120 vulnerabilities, including two zero-day flaws already exploited in targeted attacks. The update addresses weaknesses across multiple Android components, with fixes available for devices running supported versions. The Two Zero-Days Under Attack Google confirmed active exploitation of two privilege escalation…
Cloudflare has confirmed a data breach affecting customer support case data, following the exploitation of its Salesforce environment through the Salesloft Drift supply chain attack. The company stressed that its core systems and infrastructure were not impacted, but sensitive case information tied to customer support was exposed. How the Breach…
Thousands of ChatGPT conversations leaked online in August 2025, revealing how users treat AI as therapists, lawyers, and confidants. The leak highlighted not just a product flaw, but the risks of oversharing sensitive information with AI chatbots. The exposed data included resumes, personal identifiers, health discussions, and private advice requests.…
WhatsApp has patched a critical 0-day vulnerability actively exploited against iOS and macOS users. The flaw, tracked as CVE-2025-55177, enabled attackers to deploy zero-click spyware capable of stealing sensitive data without any user interaction. Meta, WhatsApp’s parent company, confirmed that the bug was exploited in targeted attacks against “specific users”…
TransUnion confirmed a major data breach affecting 4.4 million U.S. consumers, after attackers exploited a Salesforce environment to exfiltrate sensitive records. The breach exposed Social Security numbers (SSNs), personal identifiers, and other data tied to consumer credit files. Google’s Threat Analysis Group (TAG) linked the attack to UNC6395, the same…
Security researchers uncovered a supply chain attack targeting macOS developers that compromised thousands of credentials. The campaign, dubbed “s1ngularity,” exploited versions 20.9.0 to 21.8.0 of Nx, a popular open-source build framework, according to analysis from GitGuardian. The breach highlights the growing overlap between macOS attacks and the broader ecosystem of…
On July 26, 2025, Allianz Life’s 1.4M customers hit by a vendor CRM breach via social engineering. PII stolen, raising cyber insurance concerns.
The AI researchers identified a surge on July 26, 2025 in malicious applications impersonating prominent financial institutions, launching a wave of phishing apps aimed at stealing customer login information. Victims across multiple countries reported unauthorized transactions within hours of installing the fake software, calling attention to a spike in banking…
On July 22, 2025, Dell confirmed that its product demonstration platform was targeted by the World Leaks extortion gang, who claimed a Dell data breach occurred and threatened to release sensitive data. Dell swiftly responded, stating that no genuine customer or sensitive information was compromised and that the purported “stolen…
