Cyber Digests

no noise - just real cyber threat events

A recent phishing campaign leveraged compromised AWS keys to weaponize Amazon Simple Email Service (SES), demonstrating novel techniques to bypass default restrictions and achieve industrial-scale email delivery.
* Attackers abused the `PutAccountDetails` API across all AWS regions to push SES accounts into production mode, escalating sending limits from 200 to 50,000 emails daily.
* The campaign utilized programmatic API calls (e.g., `CreateCase`) and attempted privilege escalation, indicating sophisticated, automated tradecraft.
* Phishing emails, themed around 2024 tax forms, used verified domains and concealed credential theft sites behind redirect services for evasion.
* SES abuse signals pre-existing AWS credential compromise, posing risks of deeper cloud compromise, brand damage, and operational disruption for victims.
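As an added detection example (not from the original digest or the reporting it summarizes), the following script scans CloudTrail-style records for the pattern described above: one access key calling `PutAccountDetails` with production access enabled in several regions, optionally followed by a `CreateCase` support request. The sample events are constructed, and the field names assume CloudTrail's layout for the SES v2 and Support APIs.

```python
from collections import defaultdict

# Constructed CloudTrail-style records, not real logs. Field names follow
# CloudTrail's layout for the SES v2 (sesv2.amazonaws.com) and Support
# (support.amazonaws.com) APIs; treat the exact values as an assumption.
SAMPLE_EVENTS = [
    {"eventTime": "2025-09-04T10:01:00Z", "eventSource": "sesv2.amazonaws.com",
     "eventName": "PutAccountDetails", "awsRegion": "us-east-1",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000001"},
     "requestParameters": {"productionAccessEnabled": True}},
    {"eventTime": "2025-09-04T10:01:02Z", "eventSource": "sesv2.amazonaws.com",
     "eventName": "PutAccountDetails", "awsRegion": "eu-west-1",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000001"},
     "requestParameters": {"productionAccessEnabled": True}},
    {"eventTime": "2025-09-04T10:01:04Z", "eventSource": "sesv2.amazonaws.com",
     "eventName": "PutAccountDetails", "awsRegion": "ap-southeast-2",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000001"},
     "requestParameters": {"productionAccessEnabled": True}},
    {"eventTime": "2025-09-04T10:02:00Z", "eventSource": "support.amazonaws.com",
     "eventName": "CreateCase", "awsRegion": "us-east-1",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000001"},
     "requestParameters": {"subject": "Request to increase sending quota"}},
    # Benign baseline: one admin enabling production in a single region, no case.
    {"eventTime": "2025-09-04T11:00:00Z", "eventSource": "sesv2.amazonaws.com",
     "eventName": "PutAccountDetails", "awsRegion": "us-east-1",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000002"},
     "requestParameters": {"productionAccessEnabled": True}},
]


def find_ses_production_pushes(events, min_regions=2):
    """Group PutAccountDetails(productionAccessEnabled=true) calls by access
    key; report keys that touched at least `min_regions` regions and count
    support cases (CreateCase) opened by the same key."""
    regions = defaultdict(set)
    cases = defaultdict(int)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId", "<unknown>")
        name = ev.get("eventName")
        if (name == "PutAccountDetails"
                and ev.get("requestParameters", {}).get("productionAccessEnabled")):
            regions[key].add(ev["awsRegion"])
        elif name == "CreateCase" and ev.get("eventSource") == "support.amazonaws.com":
            cases[key] += 1
    findings = {}
    for key, regs in regions.items():
        if len(regs) >= min_regions:
            findings[key] = {"regions": sorted(regs), "support_cases": cases.get(key, 0)}
    return findings
```

A key that flips production mode in many regions within seconds is a strong pivot point for an IAM credential-compromise investigation, regardless of whether a support case follows.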

Latest mentioned: 09-08
Earliest mentioned: 09-04

A recent breach involving Salesforce and Salesloft's Drift integration has impacted multiple security firms. Notable aspects include the exploitation of third-party integrations, highlighting the risks associated with supply chain vulnerabilities. The breach underscores the need for enhanced security measures in third-party services and the importance of continuous monitoring for unauthorized access. Practical implications include the potential for widespread data exposure and the necessity for robust incident response plans.

Latest mentioned: 09-05
Earliest mentioned: 09-03

A cyberattack severely disrupted Jaguar Land Rover's global IT systems, forcing production halts and staff stand-downs.
- The company proactively took systems offline to mitigate impact, while English-speaking cybercriminals claimed responsibility and alleged data exfiltration via Telegram.
- This incident aligns with a trend of similar attacks on other high-profile British entities by English-speaking hackers, some of whom were previously arrested and bailed.
- The Information Commissioner's Office confirmed a data breach report, suggesting potential data compromise despite initial company statements.

Bridgestone Americas confirmed a cyber incident impacting manufacturing operations across multiple North American facilities.
* The incident caused operational disruptions at production facilities in the US (South Carolina) and Canada (Quebec).
* The company claims rapid containment prevented customer data theft or deep network infiltration.
* Mitigation efforts are underway to address potential supply chain disruption and product shortages.
* The specific attack type is unconfirmed, but a 2022 LockBit ransomware incident is mentioned for context.

A global enforcement operation successfully dismantled Streameast, identified as the world's largest illicit live sports streaming network, culminating in arrests and asset seizures.
* The network amassed over 1.6 billion visits across 80 domains within a year, offering a vast array of premium sports content.
* Investigators linked the operation to a UAE-based shell company that laundered over $6 million in advertising revenue.
* The takedown highlights the effectiveness of international collaboration in combating large-scale digital piracy and its financial infrastructure.
* Experts warn of the persistent threat of piracy re-emergence due to sustained demand for free content.

Latest mentioned: 09-05
Earliest mentioned: 09-03

A lawsuit against an education software provider underscores the severe repercussions of a massive data breach, revealing multiple security failures, persistent data exploitation, and legal accountability.
* The incident involved three separate breaches of a customer support portal (August, September, December 2024), all exploiting the same compromised subcontractor credentials.
* Over 62 million students' and 9.5 million teachers' sensitive personal and medical data was exposed, leading to an initial ransom payment.
* Subsequent re-extortion attempts by an affiliate, impersonating a known threat group, targeted school districts using data from an earlier breach, highlighting persistent data monetization.
* The primary attacker for the December breach pleaded guilty, with the lawsuit emphasizing legal accountability for inadequate data protection.

Latest mentioned: 09-05
Earliest mentioned: 09-03

A critical vulnerability (CVE-2025-55190) in Argo CD allows low-privileged API tokens to retrieve all associated repository credentials, bypassing isolation mechanisms. This flaw, rated CVSS 10.0, enables tokens with even basic 'get' permissions to access sensitive usernames and passwords. Exploitation can lead to cloning private codebases, injecting malicious manifests, and supply chain attacks. The vulnerability affects all Argo CD versions up to 2.13.0, impacting numerous large enterprises using it for mission-critical deployments. Administrators are urged to upgrade to patched versions (e.g., 3.1.2, 3.0.14, 2.14.16, 2.13.9) immediately.

Latest mentioned: 09-05
Earliest mentioned: 09-05

CISA has issued an urgent alert regarding an actively exploited zero-day use-after-free vulnerability (CVE-2025-48543) in Android Runtime.
* This critical flaw enables attackers to escape the Chrome sandbox and achieve local privilege escalation on affected devices.
* Active exploitation presents a significant risk, potentially leading to full device control, data theft, or malicious software installation.
* Organizations and users must apply vendor patches and mitigations by September 25, 2025, to prevent unauthorized access and mitigate severe impact.

Latest mentioned: 09-05
Earliest mentioned: 09-03

CISA has issued an urgent warning regarding the active exploitation of two critical vulnerabilities in popular TP-Link router models, posing significant risks to home and small business networks.
* The flaws, CVE-2025-9377 (OS command injection) and CVE-2023-50224 (authentication bypass), allow arbitrary command execution and credential access, respectively.
* Both vulnerabilities have been added to CISA's KEV catalog, with a mandatory remediation deadline for federal agencies.
* Many affected devices are End-of-Life, complicating patching and increasing long-term security risks for users.
* CISA strongly recommends immediate discontinuation of unsupported devices and applying vendor mitigations for others.

The Czech National Cyber and Information Security Agency (NÚKIB) issued a formal warning regarding products and services transferring user and system data to China, citing legal frameworks that compel data sharing with the state.
* This data transfer enables remote administration and potential misuse by state interests, impacting national resilience beyond privacy concerns.
* Chinese legal regulations, including National Security and Intelligence Laws, eliminate meaningful separation between private entities and state cyber operations.
* Threat intelligence indicates a significant increase in intrusion activity and cloud targeting by Chinese operations.
* The advisory highlights supply chain risks, as third-party dependencies can expose organizations to data theft and espionage.

Latest mentioned: 09-07
Earliest mentioned: 09-04