Massive Data Breaches Expose Billions, as Critical Zero-Days in Apple and Google Products See Active Exploitation

Fintech Firm 700Credit Reports Data Breach Impacting 5.6 Million, Exposing Social Security Numbers

The U.S. fintech company 700Credit, a major provider of credit reports and data services to the automotive industry, has disclosed a data breach affecting at least 5.6 million individuals. The incident, which occurred in October 2025, resulted in an unauthorized actor gaining access to and stealing a significant amount of personally identifiable information (PII). The compromised data includes names, addresses, dates of birth, and Social Security numbers. 700Credit serves approximately 18,000 auto dealerships, and the breach involved data collected between May and October 2025. The company is providing credit monitoring services to affected individuals, and authorities are urging victims to consider credit freezes to prevent identity theft and fraud.

700CreditData BreachFintechAutomotivePII +1 more

Data Breach

Phishing

Regulatory

New 'Gentlemen' Ransomware Group Deploys Advanced GPO and BYOVD Attacks

Emerging Threat: "Gentlemen" Ransomware Group Utilizes Double Extortion, GPO Manipulation, and BYOVD Techniques

A new ransomware operation, identifying itself as the "Gentlemen" group, has been observed conducting double-extortion attacks against corporate networks. The group employs sophisticated techniques to achieve its objectives, including the manipulation of Group Policy Objects (GPOs) for wide-scale ransomware deployment across victim networks. Additionally, the threat actor leverages the 'Bring Your Own Vulnerable Driver' (BYOVD) technique to escalate privileges and disable or bypass endpoint security solutions. The emergence of the Gentlemen group highlights the continued evolution in ransomware tactics, combining data theft with advanced defense evasion and lateral movement strategies.

GentlemenRansomwareThreat ActorDouble ExtortionBYOVD +1 more

Ransomware

Threat Actor

Malware

CVSS 10.0: Atlassian Patches Critical RCE Flaw in Apache Tika Dependency

CRITICAL

Atlassian Patches Critical Flaw (CVE-2025-66516) in Apache Tika with CVSS Score of 10.0

Atlassian has issued security updates for a critical vulnerability, CVE-2025-66516, in the Apache Tika parser library, a third-party dependency used in many of its products. The flaw, which carries a perfect CVSS score of 10.0, is an XML External Entity (XXE) injection vulnerability. It can be exploited by uploading a specially crafted file, such as a PDF containing a malicious XFA, potentially leading to information disclosure, server-side request forgery (SSRF), or even remote code execution (RCE). The vulnerability affects a wide range of Atlassian's server and data center products, including Jira, Confluence, and Bamboo. Customers are urged to apply the patches immediately.

CVE-2025-66516AtlassianApache TikaXXERCE +2 more

CVSS 10.0: Atlassian Patches Critical RCE Flaw in Apache Tika Dependency

Vulnerability

Patch Management

xHunt Espionage Group Returns, Targeting Kuwait with New PowerShell Backdoors

Cyber-Espionage Group xHunt Resurfaces with Campaign Targeting Kuwaiti Government and Shipping Sectors

The cyber-espionage threat actor known as xHunt has resumed operations with a new campaign targeting organizations in Kuwait. Active since at least 2018, the group is focusing its latest attacks on the shipping, transportation, and government sectors. Researchers have observed xHunt infiltrating networks by targeting Microsoft Exchange and IIS web servers. Once inside, the group deploys a family of custom PowerShell-based backdoors, with tool names like 'Hisoka' and 'Netero' derived from the anime 'Hunter x Hunter'. The campaign's objective appears to be long-term intelligence collection and espionage, leveraging stealthy techniques to maintain persistence.

xHuntCyber EspionageThreat ActorKuwaitMicrosoft Exchange +2 more

xHunt Espionage Group Returns, Targeting Kuwait with New PowerShell Backdoors

Threat Actor

Cyberattack

Malware

New '01flip' Ransomware, Written in Rust, Targets Critical Infrastructure in APAC

Cross-Platform "01flip" Ransomware Written in Rust Targets Critical Infrastructure with Sliver C2

A new and stealthy cross-platform ransomware strain named "01flip" has been discovered targeting critical infrastructure organizations in the Asia-Pacific region. The malware is written in the Rust programming language, enabling it to be compiled for both Windows and Linux systems and enhancing its ability to evade detection. Attackers have been observed exploiting exposed services for initial access, then deploying the open-source Sliver command-and-control (C2) framework for reconnaissance and lateral movement before executing the 01flip ransomware. The campaign highlights a growing trend of threat actors using modern, memory-safe languages like Rust to develop more sophisticated and evasive malware.

01flipRansomwareRustSliver C2Cross-Platform +2 more

Ransomware

Malware

Industrial Control Systems

LastPass Fined £1.2M by UK Regulator Over 2022 Security Failures

MEDIUM

UK's ICO Fines LastPass £1.2 Million for Security Failures Leading to 2022 Data Breach

The UK's Information Commissioner's Office (ICO) has fined password manager provider LastPass £1.2 million (approximately $1.6 million) for significant security failures that led to a major data breach in 2022. The regulator found that LastPass failed to implement adequate technical and security measures to protect its users' data. The 2022 incident resulted in a threat actor gaining unauthorized access to a backup database, which contained the data of 1.6 million UK users, including encrypted password vaults. The fine highlights the serious regulatory consequences for security companies that do not meet their data protection obligations.

LastPassICOData BreachFineRegulatory +1 more

4 min read

LastPass Fined £1.2M by UK Regulator Over 2022 Security Failures

Regulatory

Data Breach

Policy and Compliance

India Confirms GPS Spoofing Attacks Targeted Seven Major Airports

Indian Government Acknowledges GPS Spoofing Incidents at Seven Major Airports, Including Delhi and Mumbai

The Indian government has officially confirmed that a series of cyber incidents involving GPS spoofing have occurred at seven of the nation's major airports. The attacks, which targeted airports in Delhi, Mumbai, Kolkata, and Bengaluru among others, disrupted navigation data for aircraft utilizing GPS-based landing procedures. Despite the signal manipulation, government officials reported that no flights were canceled or diverted. The successful handling of the incidents was attributed to the implementation of contingency measures and robust safeguards by Air Traffic Control, which allowed for safe operations using alternative navigation aids. The events underscore the growing vulnerability of critical transportation infrastructure to cyberattacks.