Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass
Five vulnerabilities in the ControlVault3 firmware and the associated Windows APIs expose millions of Dell laptops to persistent implants and Windows login bypasses via physical access, Cisco Talos reports. The issues, tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919, were initially disclosed on June 13, when Dell announced that patches for them were rolled out for over 100 Dell Pro, Latitude, and Precision models. READ MORE...
Google suffers data breach in ongoing Salesforce data theft attacks
Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group. In June, Google warned that a threat actor they classify as 'UNC6040' is targeting companies' employees in voice phishing (vishing) social engineering attacks to breach Salesforce instances and download customer data. This data is then used to extort companies into paying a ransom to prevent the data from being leaked. READ MORE...
Over 1 Million Impacted by DaVita Data Breach
Kidney dialysis services provider DaVita is notifying over one million individuals that their personal, financial, and health information was compromised in a ransomware attack in April 2025. DaVita disclosed the incident in a filing with the Securities and Exchange Commission (SEC) shortly after it occurred, saying it immediately activated response protocols and containment measures. On August 1, DaVita updated its security notice, revealing that the ransomware attack did result in a data breach. READ MORE...
PBS confirms data breach after employee info leaked on Discord servers
PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned. Earlier this month, BleepingComputer was alerted to a file circulated on Discord servers that allegedly contained this information. This data was not distributed on dark web sites, hacking forums, or other mediums frequented by threat actors. Instead, it was being shared on Discord servers for fans of "PBS Kids." READ MORE...
Pandora Confirms Third-Party Data Breach, Warns of Phishing Attempts
Pandora, the Danish jewelry company, has confirmed that it fell victim to a cyberattack, exposing its customer data to unauthorized users. The company sent out emails to potentially impacted customers this morning confirming the cyberattack, while also noting that "some customer information was accessed through a third-party platform that we use" and not through infiltration of its core internal systems, without naming what the platform was. READ MORE...
Ukraine claims to have hacked secrets from Russia's newest nuclear submarine
Ukraine's Defence Intelligence agency (HUR) claims that its hackers have successfully stolen secret files and classified data on a state-of-the-art Russian nuclear submarine, the "Knyaz Pozharsky." The "Knyaz Pozharsky" is nuclear-powered ballistic missile submarine, that was commissioned into the Russian Navy's Northern Fleet at a shipyard in Severodvinsk during a ceremony overseen by Russian President Vladimir Putin on 24 July 2025. READ MORE...
Who Got Arrested in the Raid on the XSS Crime Forum?
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." READ MORE...
Critical Android vulnerabilities patched-update as soon as you can
Google has patched six vulnerabilities in Android, including two critical vulnerabilities in its August 2025 Android Security Bulletin. It also covers a critical vulnerability which could have allowed an attacker to execute code on a victim's device without the victim needing to do anything at all. Last month, Google skipped its monthly security update for the first time in almost ten years. READ MORE...
Study finds humans not completely useless at malware detection
Researchers from the Universities of Guelph and Waterloo have discovered exactly how users decide whether an application is legitimate or malware before installing it - and the good news is they're better than you might expect, at least when primed to expect malware. "Most existing malware research analyzes 'after action' reports," co-author and Waterloo professor of science Daniel Vogel explained in the paper's announcement. "That is, investigations into what went wrong after a successful attack. READ MORE...
Meta illegally collected data from Flo period and pregnancy app, jury finds
A federal jury found on Friday that Meta violated the California Invasion of Privacy Act, the state's wiretap law, by collecting data from a period-tracker app without user consent. Plaintiffs in a class-action case proved by a preponderance of evidence that Meta intentionally eavesdropped on and/or recorded conversations using an electronic device, said a verdict form released yesterday in US District Court for the Northern District of California. READ MORE...
SonicWall investigating possible zero-day related to firewall attacks
SonicWall said Monday that it is investigating whether a recent surge in attacks targeting its Gen 7 firewalls is related to a possible zero-day vulnerability or exploitation of an existing flaw. The warnings follow an Aug. 1 Arctic Wolf report about hackers deploying the Akira ransomware variant in attacks that began on July 15. Researchers saw an uptick in hands-on-keyboard activity last week and warned that the attacks were targeting fully patched devices. READ MORE...
- ...in 1911, actress and television producer Lucille Ball is born in Jamestown, NY.
- ...in 1965, President Lyndon B. Johnson signs the Voting Rights Act of 1965, extending the enforcement of the 14th and 15th Amendments for all Americans.
- ...in 1996, the influential punk rock group The Ramones play their farewell concert at The Palace in Los Angeles.
- ...in 2012, Cadre moves to its current headquarters in the PNC Center in Cincinnati.
