This daily summary highlights significant cybersecurity developments, including an expanded AssuranceAmerica data breach now impacting approximately 6.9 million individuals with exposed personal information. Microsoft's July Patch Tuesday addressed over 600 vulnerabilities, including two zero-days, with updated guidance on remediation and hardening. A sophisticated AsyncAPI supply chain attack on NPM, leveraging compromised GitHub tokens, deployed the Miasma RAT, with new indicators of compromise released.
SonicWall has issued urgent patches for two zero-day vulnerabilities in its SMA 1000 series, actively exploited in the wild and now on CISA's Known Exploited Vulnerabilities catalog. A Sophos report indicates identity compromise has surpassed vulnerability exploitation as the leading ransomware vector. The White House launched 'Gold Eagle,' an AI-powered hub for vulnerability management. Deutsche Bank confirmed a vendor breach, and Aphena Pharma Solutions and Cedar Crest College were targeted by Chaos and Nightspire ransomware, respectively.
New macOS malware 'CrashStealer' bypasses security to steal passwords and cryptocurrency data. Unpatched flaws in the 'Claude for Chrome' extension pose a risk to Google Workspace data. The INC_RANSOM group claimed an attack on law firm Golden Glasko Haddy. Finally, a new Windows zero-day exploit, 'LegacyHive,' was published post-Patch Tuesday, allowing low-privileged users to access sensitive registry data.
Help others stay informed about cybersecurity threats
Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.
Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.
Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.