What happened. In mid-July 2025, attackers chained two SharePoint zero-days (CVE-2025-53770/53771), rapidly compromising hundreds of orgs across government, healthcare, and finance. CISA added them to KEV and issued analysis, and Microsoft confirmed active...
What happened. In 2025, stolen data linked to the 2024 Snowflake compromises resurfaced in leak-site posts (e.g., Ticketmaster, Santander). Analyses point to weak or missing MFA and stolen credentials rather than a Snowflake platform exploit—reminding teams that...
What’s new. After the 2024 ALPHV/BlackCat attack, 2025 notices show continued remediation and consumer support windows (including deadlines for credit monitoring enrollment). HHS’s FAQ and Change Healthcare’s updates outline impacts and assistance programs as the...
