The average ransomware payment has increased more than 5x since 2020, even as many organizations still lack basic recovery plans.

Editor’s Note: Another week, another reminder that patching is still optional for attackers but apparently negotiable for defenders. Let’s get into it.

One ask before you dive in: if this recap earns a forward or sparks a debate on your team, share it. If there’s something you think we should cover (or skip) next time, hit reply and tell us. Thanks for reading!

📜 Table of Contents

  • 🚨 Major Breaches & Incidents: Municipal ransomware, alleged IP theft, and criminals getting a taste of their own medicine

  • 🔓 Emerging Threats & Vulnerabilities: Zero-days, access control flaws, and KEV reminders you can’t ignore

  • 🔐 Privacy Watch: Social media data exposure and insiders for hire

  • 🕵️ APTs & State Sponsored Attacks: From espionage to outright sabotage

  • 🤖 AI in Cyber: AI finding bugs, speeding up attacks, and sneaking into dev tools

🚨 Major Breaches & Incidents

  • 🧑‍💻 New Britain Ransomware Disrupts City Systems
    A ransomware attack knocked city phone and network services offline in New Britain, Connecticut, forcing officials to shut down multiple systems as a precaution. City leaders said emergency services remained operational while outside incident response teams and federal investigators were brought in. Officials have not confirmed whether data was exfiltrated or if a ransom demand was made.
    👉 Municipal governments remain high-impact ransomware targets with very little margin for downtime.

  • 🏭 Nike Investigating Claimed 1.4TB Data Theft
    Nike is investigating claims from a threat actor who alleges they stole 1.4TB of internal company data and published samples online. While Nike has not confirmed the breach, the leaked materials reportedly include proprietary design and manufacturing information rather than customer payment data. Even without PII, the exposure could create competitive and legal headaches.
    👉 Intellectual property theft can be just as damaging as customer data loss.

  • 🕵️ BreachForums Breached, Exposing 324K Users
    The BreachForums cybercrime marketplace was itself compromised, exposing data tied to roughly 324,000 user accounts. The leak may reveal threat actor identities, relationships, and operational patterns typically hidden behind aliases. It’s a rare moment where attackers become the ones scrambling.
    👉 Even criminal platforms accumulate security debt — and it eventually comes due.

🔓 Emerging Threats & Vulnerabilities

  • ⚠️ Ivanti EPMM Zero-Days Actively Exploited
    Two zero-day remote code execution vulnerabilities in Ivanti’s Endpoint Manager Mobile platform are being actively exploited in the wild. The flaws could allow attackers to gain control over mobile device management infrastructure, which often holds privileged credentials. Ivanti has released patches and urged customers to update immediately.
    👉 Management platforms are high-value targets because they sit at the center of everything.

  • 🔐 Dormakaba Access Control Flaws Could Unlock Doors
    Researchers disclosed more than 20 vulnerabilities in Dormakaba access control systems used by major enterprises across Europe. Some flaws could allow attackers to remotely unlock doors or manipulate physical security controls. Patches are available, but the findings highlight growing cyber-physical risk.
    👉 When cyber fails, physical security can fail with it.

  • 📌 CISA Adds Five Actively Exploited Vulnerabilities to KEV Catalog
    CISA added five new vulnerabilities to its Known Exploited Vulnerabilities catalog, confirming they are being abused in real-world attacks. The update reinforces patching priorities for already overextended security teams. Ignoring KEV entries continues to be a popular but risky strategy.
    👉 KEV isn’t theoretical — it’s a list of what attackers are using right now.

  • ⚙️ n8n Automation Platform Hit With High-Severity Flaws
    Two high-severity vulnerabilities were disclosed in the n8n workflow automation platform, including an authenticated remote code execution flaw. Organizations often use n8n to automate business-critical processes, increasing potential blast radius. Patches are available, but exposure may linger in self-hosted environments.
    👉 Automation saves time — until it automates compromise.

🔐 Privacy Watch

  • 📸 17.5M Instagram Accounts Exposed in Data Leak
    A dataset allegedly tied to 17.5 million Instagram accounts surfaced online, renewing concerns around data scraping and aggregation. While not necessarily tied to a direct breach, the exposure highlights how publicly accessible data can still be weaponized at scale. Meta has not confirmed the dataset’s origin.
    👉 Scraping may be a legal gray area, but the privacy fallout is very real.

  • 👤 Hackers Recruiting Insiders to Bypass Security Controls
    Threat actors are increasingly recruiting disgruntled or financially stressed employees to gain internal access to corporate systems. Outreach often happens via social media or underground forums, blurring the line between insider threat and organized cybercrime. This trend makes traditional perimeter defenses even less reliable.
    👉 The hardest vulnerability to patch is still human.

🕵️ APTs & State Sponsored Attacks

  • 🇵🇱 Poland Attributes Destructive Attacks to Russia’s FSB
    Polish officials publicly blamed Russia’s Federal Security Service for destructive cyberattacks targeting infrastructure in late 2025. Unlike traditional espionage campaigns, the attacks focused on disruption rather than intelligence gathering. The attribution signals growing willingness by governments to name and shame.
    👉 State-backed cyber operations are shifting from spying to breaking things.

🤖 AI in Cyber

  • 🤖 AI-Assisted Team Discovers 12 OpenSSL Vulnerabilities
    An AI-assisted security research team uncovered 12 previously unknown vulnerabilities in OpenSSL, some of which had existed unnoticed for decades. All identified issues have since been patched. The findings highlight both the scale of legacy code risk and AI’s growing role in defense.
    👉 AI is becoming a force multiplier for defenders — not just attackers.

  • 📈 AI Accelerating Attack Speed and Automation
    Security leaders warn that attackers are using AI to accelerate reconnaissance, phishing, and exploit development. Faster attack cycles are shrinking the window defenders have to detect and respond. Traditional security tooling is struggling to keep pace.
    👉 If your response time hasn’t improved, attackers already have the advantage.

  • 🛠️ Fake “AI” VS Code Extensions Steal Source Code
    Researchers uncovered malicious Visual Studio Code extensions posing as AI productivity tools that secretly exfiltrate developers’ source code. The extensions abused trust in popular development marketplaces. Microsoft has removed the extensions, but the tactic is unlikely to disappear.
    👉 Developer trust is becoming a high-value attack surface.

📣 Before You Go

If you found this useful, consider sharing it with a colleague or teammate who lives in their inbox. And if you have feedback, like what worked, what didn’t, or what you want us covering next, hit reply and let us know. This newsletter gets better when you tell us how we’re doing.
