Latest Intelligence
Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
Cybersecurity researchers have revealed a set of vulnerabilities in Apple's AirPlay protocol, collectively known as AirBorne, which could allow attackers to take control of affected devices via public Wi-Fi without user interaction. These vulnerabilities have been patched, highlighting the importance of securing wireless communication technologies.
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
CISA has added CVE-2025-34028, a critical path traversal vulnerability affecting Commvault Command Center, to its KEV catalog following confirmed active exploitation. With a CVSS score of 10.0, this vulnerability poses significant risks to affected systems.
White House Proposal Slashes Half-Billion from CISA Budget
The White House has proposed a $491 million budget cut for the Cybersecurity and Infrastructure Security Agency (CISA), framing it as a necessary refocusing on core missions while eliminating perceived waste. This significant reduction raises concerns about the agency's capacity to effectively manage cybersecurity threats.
How to Prevent AI Agents From Becoming the Bad Guys
The article emphasizes the importance of strong governance principles in the design of AI systems to ensure they drive innovation while safeguarding public trust and security. It highlights the potential risks associated with AI agents if not properly managed, underscoring the need for proactive measures.
Doppel Banks $35M for AI-Based Digital Risk Protection
Doppel has secured $35 million in funding, bringing its valuation to $205 million, to enhance its AI-powered digital risk protection offerings. This investment aims to address the increasing enterprise demand for advanced threat detection tools.
Kelly Benefits Data Breach Impact Grows to 400,000 Individuals
Kelly Benefits has revealed that the impact of its recent data breach affects approximately 400,000 individuals, a significant increase from earlier estimates. This escalation highlights the growing concern over data security and the potential risks associated with breaches.
Critical Commvault Vulnerability in Attacker Crosshairs
CISA has identified a critical-severity vulnerability in Commvault that is currently being exploited in the wild, just one week after its technical details were made public. This highlights the urgency for organizations to address the issue promptly to mitigate potential attacks.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added CVE-2025-3248, a Langflow Missing Authentication Vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This vulnerability underscores significant risks to federal networks, prompting CISA to urge all organizations to prioritize remediation to mitigate cyber threats.
Man Admits Hacking Disney and Leaking Data Disguised as Hacktivist
A 25-year-old individual has confessed to hacking into Disney's systems and leaking sensitive data while pretending to be part of a hacktivist group called NullBulge. This incident highlights ongoing concerns regarding cybersecurity and the integrity of corporate data protection.
⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
This week's cybersecurity landscape has highlighted an alarming increase in stealth tactics employed by attackers, emphasizing the importance of understanding that threats may already be embedded within trusted software. The use of AI for manipulation and the resurgence of old threats under new guises further complicate the security landscape, underscoring the necessity for vigilance in identifying lurking dangers.
Ransomware Group Claims Attacks on UK Retailers
The DragonForce ransomware group has taken responsibility for cyberattacks targeting prominent UK retailers including Co-op, Harrods, and M&S. This incident highlights the escalating threat of ransomware attacks in the retail sector, raising concerns over data security and operational disruptions.
Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace
The article highlights the challenges faced by security professionals in small to midsize businesses, where one individual often assumes multiple roles, including that of the CISO. It emphasizes the importance of leveraging available resources and strategies rather than striving for unattainable perfection in cybersecurity efforts.
PoC Published for Exploited SonicWall Vulnerabilities
Proof-of-concept (PoC) code has been published for two vulnerabilities in SonicWall products that were recently added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog. This highlights the urgency for organizations to address these vulnerabilities to prevent potential exploitation.
Cybersecurity M&A Roundup: 31 Deals Announced in April 2025
In April 2025, a total of 31 merger and acquisition deals in the cybersecurity sector were announced, highlighting the ongoing consolidation and growth within the industry. This trend signifies increased investment and interest in cybersecurity solutions as threats continue to evolve.
TikTok Fined $600 Million for China Data Transfers That Broke EU Privacy Rules
TikTok has been fined $600 million by the EU privacy watchdog after a four-year investigation revealed that the platform's data transfers to China jeopardized user privacy and violated strict EU data protection regulations. This significant penalty underscores the ongoing scrutiny of tech companies regarding their handling of user data and compliance with privacy laws.