A significant data breach at Dublin and Cork Airports has potentially exposed millions of passengers' travel information. The breach is linked to a third-party supplier, Collins Aerospace, and has raised concerns about the security of sensitive data in the aviation sector.

A new hacking group, Storm-2657, is targeting U.S. universities with sophisticated phishing attacks aimed at hijacking payroll payments. These 'pirate payroll' attacks exploit social engineering tactics to manipulate staff into providing sensitive login information.

The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

The SideWinder advanced persistent threat group has developed a sophisticated attack methodology utilizing ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets in South Asia. This campaign marks a significant evolution in their tactics, employing spear-phishing emails and advanced evasion techniques.

The UK government has introduced new anti-ransomware guidance aimed at addressing supply chain vulnerabilities that have led to significant cyber incidents. Developed in collaboration with Singapore, the guidance outlines practical steps for organizations to enhance their supply chain security and prevent exploitation by cyber criminals.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.

Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.

Mimecast's latest report reveals a staggering 500% increase in AI-driven phishing and ClickFix schemes as cybercriminals exploit trusted services to bypass email security. The report highlights that phishing now accounts for 77% of all attacks, marking a significant evolution in attacker behavior.

Caminho, a Brazilian Loader-as-a-Service (LaaS), uses Least Significant Bit (LSB) steganography to hide .NET payloads in images, allowing malware to bypass defenses. This threat targets businesses across South America, Africa, and Eastern Europe, utilizing spear-phishing tactics to deliver its payloads.

The Russian state-sponsored APT known as Star Blizzard has transitioned to using a new backdoor, MaybeRobot, following the public disclosure of its LostKeys malware. This change comes as the group continues to employ sophisticated infection techniques to target civil society members in Russia.

GlassWorm malware is exploiting the OpenVSX marketplace to target developers, highlighting the risks associated with third-party software repositories. Developers are urged to exercise caution when downloading extensions.

Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.

As AI becomes integral to various sectors, the need for robust governance frameworks is critical. California's SB 53 is a pioneering step towards regulating AI, but organizations must proactively implement oversight and accountability measures to manage risks effectively.

A phishing campaign is impersonating well-known brands like KFC, Red Bull, and Ferrari to compromise Facebook login details. Malicious emails lead targets to a fake job posting site where they are prompted to enter their credentials.

Russian state-backed hacking group Coldriver has introduced three new malware strains, NOROBOT, YESROBOT, and MAYBEROBOT, following the exposure of their previous tool, LostKeys. These new tools are designed to evade detection and target high-value data.

Amazon's recent AWS outage has highlighted significant vulnerabilities in the automotive manufacturing sector's reliance on cloud infrastructure. The incident, which lasted 15 hours, raised urgent questions about digital resilience and the potential economic impact on production systems that depend heavily on cloud services.

CISA has identified a critical SSRF vulnerability in Oracle E-Business Suite, urging US government organizations to apply patches by November 10. Despite the urgency, Oracle has not confirmed active exploitation of the vulnerability, CVE-2025-61884.

Recent incidents in Australia highlight how poor oversight of AI tools can lead to costly errors and privacy violations. These failures in AI governance reveal significant risks for organizations, particularly in the tech and consultancy sectors.

Major airlines Qantas, Air India, Air France, and KLM have suffered significant data breaches, exposing millions of customer records. The breaches, linked to third-party service providers, have raised serious security concerns across the airline and hospitality sectors.