A significant data breach at Dublin and Cork Airports has potentially exposed millions of passengers' travel information. The breach is linked to a third-party supplier, Collins Aerospace, and has raised concerns about the security of sensitive data in the aviation sector.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.

Google has removed over 3,000 YouTube videos that were spreading password-stealing malware disguised as cracked software and game cheats. The operation, dubbed the 'YouTube Ghost Network,' exploited legitimate accounts to lure viewers into downloading infostealers.

Atlassian has disclosed a critical path traversal vulnerability in Jira Software Data Center and Server, allowing authenticated attackers to write files to any path accessible by the JVM. The flaw, tracked as CVE-2025-22167, affects versions from 9.12.0 through 11.0.1 and poses significant risks if unpatched.

GlassWorm malware is exploiting the OpenVSX marketplace to target developers, highlighting the risks associated with third-party software repositories. Developers are urged to exercise caution when downloading extensions.

Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.

As AI becomes integral to various sectors, the need for robust governance frameworks is critical. California's SB 53 is a pioneering step towards regulating AI, but organizations must proactively implement oversight and accountability measures to manage risks effectively.

The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.

Jewett-Cameron Company, an Oregon-based provider of fencing and pet solutions, experienced a cyberattack that led to the theft of sensitive information and disruption of business operations. The company reported that hackers deployed encryption software and threatened to release stolen data unless a ransom is paid.

Amazon's recent AWS outage has highlighted significant vulnerabilities in the automotive manufacturing sector's reliance on cloud infrastructure. The incident, which lasted 15 hours, raised urgent questions about digital resilience and the potential economic impact on production systems that depend heavily on cloud services.

Researchers at Koi Security have identified a new cyber threat named GlassWorm that spreads through infected Visual Studio Code extensions. Utilizing invisible Unicode characters, this worm evades detection and employs the Solana blockchain for command-and-control operations.

Recent incidents in Australia highlight how poor oversight of AI tools can lead to costly errors and privacy violations. These failures in AI governance reveal significant risks for organizations, particularly in the tech and consultancy sectors.

Major airlines Qantas, Air India, Air France, and KLM have suffered significant data breaches, exposing millions of customer records. The breaches, linked to third-party service providers, have raised serious security concerns across the airline and hospitality sectors.

Threat actors are increasingly using Discord webhooks as covert command-and-control channels within open-source packages, allowing for the stealthy exfiltration of sensitive data. This tactic leverages hard-coded webhook URLs to bypass security measures and exfiltrate secrets from developer environments.

Recent bank deregulation efforts are expected to significantly increase lending capacity on Wall Street, potentially unlocking $2.6 trillion. This move has sparked discussions about the implications for the financial sector and the economy at large.

Huntress warns users of Gladinet's CentreStack and Triofox file-sharing tools to apply an urgent mitigation for a zero-day vulnerability (CVE-2025-11371) that is actively being exploited. With no patch available, the vulnerability could allow attackers to execute remote code.