October 2025: Major Data Breaches and Cyber Attacks

Apple now offers $2 million for zero-click RCE vulnerabilities

Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure.

Since the program launched in 2020, Apple has awarded $35 million to 800 security researchers, with the company paying $500,000 for some of the submitted reports.

The highest reward has been doubled to $2 million, for reporting vulnerabilities that can lead to zero-click (no user interaction) remote compromise, similar to mercenary spyware attacks. However, payouts can go as high as $5 million through the bonus system.

The tech giant expects the increased awards to further disrupt the development of sophisticated attack chains by spyware vendors, as researchers will be more incentivized to find and report security issues.

Over 266,000 F5 BIG-IP instances exposed to remote attacks

Internet security nonprofit Shadowserver Foundation has found more than 266,000 F5 BIG-IP instances exposed online after the security breach disclosed by cybersecurity company F5 this week.

The company revealed on Wednesday that nation-state hackers breached its network and stole source code and information on undisclosed BIG-IP security flaws, but found no evidence that the attackers had leaked or exploited the undisclosed vulnerabilities in attacks.

The same day, F5 also issued patches to address 44 vulnerabilities (including the ones stolen in the cyberattack) and urged customers to update their devices as soon as possible.

Compromised F5 BIG-IP appliances can also allow threat actors to steal credentials and Application Programming Interface (API) keys, move laterally within targets’ networks, and establish persistence.

F5 is a Fortune 500 tech giant that provides cybersecurity, application delivery networking (ADN), and services to over 23,000 customers worldwide, including 48 of the Fortune 50 companies.

Auction giant Sotheby’s says data breach exposed financial information

Major international auction house Sotheby’s is notifying individuals of a data breach incident on its systems where threat actors stole sensitive information, including financial details.

The hack was detected on July 24, and the investigation took two months to determine the type of data stolen and the individuals impacted as a result.

Sotheby’s is a leading global auction house for fine art and high-value items, as well as an asset-backed lending services provider.

“Sotheby’s discovered a cybersecurity incident that may have involved certain employee information. Upon discovery of the incident, we immediately launched an investigation in cooperation with leading data protection and response experts and law enforcement. The company is notifying all impacted individuals appropriately in line with our requirements. We take the security of company and individual information very seriously and continue to work diligently to protect our systems and data.” – Sotheby’s spokesperson

American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign

A new campaign has emerged that weaponizes Microsoft’s familiar branding to lure unsuspecting users into a sophisticated tech support scam.

Victims receive a seemingly legitimate email, complete with Microsoft’s official logo, claiming there is an important financial transaction or security alert requiring immediate attention.

The message prompts recipients to click a link under the guise of confirming identity or resolving an urgent issue.

Cofense analysts noted that the threat actors have refined their social engineering tactics by combining payment lures with deceptive UI overlays to maximize impact.

Upon clicking the link, users are redirected through a faux CAPTCHA challenge designed to mimic a trusted verification process.

EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure

Cybersecurity firm Neo Security discovered a 4TB SQL Server backup belonging to accounting giant Ernst & Young (EY) publicly accessible on Microsoft Azure during a routine scan.

Neo Security’s lead researcher identified a 4TB publicly exposed file during passive network analysis. The file’s .BAK extension indicated a full SQL Server database backup, likely containing sensitive data such as schemas, user information, API keys, credentials, and authentication tokens.

“Neo Security’s lead researcher discovered the file while examining passive network traffic with low-level tools. A simple HEAD request designed to retrieve metadata without downloading content revealed a massive size: 4 terabytes of data, which is equivalent to millions of documents or the contents of an entire library.”

Advertising giant Dentsu reports data breach at subsidiary Merkle

A sophisticated rootkit targeting GNU/Linux systems has emerged, leveraging advanced eBPF (extended Berkeley Packet Filter) technology to conceal malicious activities and evade traditional monitoring tools.

The threat, known as LinkPro, was discovered during a digital forensic investigation of a compromised AWS-hosted infrastructure, where it functioned as a stealthy backdoor with capabilities ranging from process hiding to remote activation via magic packets.

The infection chain began with a vulnerable Jenkins server (CVE-2024-23897) exposed to the internet.

Threat actors deployed a malicious Docker image named kvlnt/vv across several Amazon EKS Kubernetes clusters, containing a VPN proxy tool, a downloader malware called vGet, and the LinkPro rootkit.

The Docker configuration allowed full filesystem access with root privileges, enabling container escape and credential harvesting from other pods.
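The root-privileged, host-filesystem-mounted container described above is exactly the kind of workload an admission check or manifest linter should refuse before it reaches a cluster. The following is an added example, not code from the original post or from the investigation it reports: a small audit over a Kubernetes pod manifest (represented as a plain dict, so it runs without extra dependencies) that flags the settings that enable container escape and cross-pod credential theft: privileged containers, root users, host namespace sharing, and hostPath volumes onto sensitive node paths. The manifests, image name and finding texts are constructed for illustration.

```python
import os

# Host paths that, when mounted into a container, hand it the node (constructed list;
# extend for your environment). "/" is handled separately below.
SENSITIVE_HOST_PATHS = ("/etc", "/root", "/proc", "/var/run/docker.sock",
                        "/var/lib/kubelet", "/var/lib/docker")

HOST_NAMESPACE_FLAGS = ("hostPID", "hostNetwork", "hostIPC")


def _mounts_sensitive_path(path):
    """True if a hostPath mount exposes the node root or a sensitive subtree."""
    norm = os.path.normpath(path)
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def audit_pod_spec(pod):
    """Return a list of human-readable findings for a pod manifest (dict form)."""
    spec = pod.get("spec", {})
    findings = []

    # Sharing the node's PID/network/IPC namespaces defeats container isolation.
    for flag in HOST_NAMESPACE_FLAGS:
        if spec.get(flag):
            findings.append(f"{flag} is enabled")

    # hostPath volumes onto the node root or sensitive directories.
    for vol in spec.get("volumes", []):
        path = vol.get("hostPath", {}).get("path")
        if path is not None and _mounts_sensitive_path(path):
            findings.append(f"volume '{vol['name']}' mounts sensitive host path '{path}'")

    # Pod-level securityContext applies unless the container overrides it.
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = {**pod_sc, **c.get("securityContext", {})}
        if sc.get("privileged"):
            findings.append(f"container '{c['name']}' runs privileged")
        runs_as_root = sc.get("runAsUser") == 0 or (
            sc.get("runAsUser") is None and not sc.get("runAsNonRoot"))
        if runs_as_root:
            findings.append(f"container '{c['name']}' may run as root")
    return findings


# Constructed manifest mirroring the risky shape: root, privileged, node root mounted.
RISKY_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "example-risky"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "app",
            "image": "registry.example/app:latest",  # placeholder image name
            "securityContext": {"privileged": True, "runAsUser": 0},
            "volumeMounts": [{"name": "host-root", "mountPath": "/host"}],
        }],
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
    },
}

# Constructed hardened counterpart: non-root, unprivileged, ephemeral storage only.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "example-hardened"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{
            "name": "app",
            "image": "registry.example/app:latest",  # placeholder image name
            "securityContext": {"privileged": False, "allowPrivilegeEscalation": False},
            "volumeMounts": [{"name": "scratch", "mountPath": "/tmp"}],
        }],
        "volumes": [{"name": "scratch", "emptyDir": {}}],
    },
}

if __name__ == "__main__":
    for pod in (RISKY_POD, HARDENED_POD):
        print(pod["metadata"]["name"], "->", audit_pod_spec(pod) or "no findings")
```

In a real pipeline the same function runs over `yaml.safe_load()` output of each manifest, or inside a validating admission webhook; a non-empty result should block the deployment rather than just log it.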

Beer Maker Asahi Shuts Down Production Due to Cyberattack

Japanese beer and beverage giant Asahi Group Holdings has been forced to halt production at its domestic factories as a result of a cyberattack that struck on Monday.

Asahi, known for its popular brands such as Asahi Super Dry Beer, Nikka Whisky, and Mitsuya Cider, has yet to resume operations across its network of 30 plants in Japan.

The company revealed it is still assessing whether all factories have completely stopped production.

A company spokesperson explained on Tuesday that production remains offline, and there is currently no clear estimate for when operations will be restored.

This interruption follows a system outage caused by the cyberattack, which impacted not only production but also critical business functions including order processing, shipping, and call center operations within Asahi’s group companies in Japan.

Despite the extensive disruption, Asahi confirmed that so far there has been no evidence that personal information was leaked as a result of the incident.

The company is continuing to investigate the full scope of the attack and the level of damage to its operations.

Volkswagen Allegedly Hacked in Ransomware Attack as 8Base Claims Data Leak

Volkswagen Group is investigating claims from the 8Base ransomware group, which asserts it has stolen sensitive company data.

While the German automaker has stated that its core IT systems are secure, its response leaves open the possibility of a breach through a third-party supplier, raising concerns about the full extent of the incident.

In response to the allegations, a spokesperson for Volkswagen confirmed the company was aware of the “incident.” However, they emphasized that there was no impact on Volkswagen’s primary IT infrastructure.

This statement suggests that the point of entry may have been a connected entity, such as a supplier, partner, or subsidiary.

With 153 production plants globally and renowned brands including Audi, Porsche, and Lamborghini under its umbrella, any data exposure represents a significant risk. The company has not confirmed if any customer data was compromised during the incident.

Under the EU’s General Data Protection Regulation (GDPR), a substantiated breach could lead to substantial fines.

Capita Fined £14 Million After Data Breach Exposes 6.6 Million Users

The UK’s Information Commissioner’s Office has imposed a £14 million penalty on Capita following a major cyber attack in March 2023 that exposed the personal information of 6.6 million people.

The fine was split between Capita plc, which received £8 million, and its subsidiary Capita Pension Solutions Limited, which was fined £6 million.

The breach compromised sensitive data belonging to millions of people, including pension records, staff information, and customer details from over 600 organisations that Capita supports.

For many victims, the stolen information included financial data, criminal records, and other sensitive personal details.

The attack particularly affected pension scheme providers, with 325 organisations experiencing data exposure through Capita Pension Solutions Limited.

KFC Venezuela Suffers Alleged Data Breach Exposing 1 Million Customer Records

A threat actor is claiming responsibility for a data breach at KFC’s Venezuela operations, offering for sale a database containing the personal and order information of more than one million customers.

The sale was advertised on a dark web forum on October 8, 2025, where the seller posted a 405 MB CSV file containing exactly 1,067,291 rows of data.

If genuine, this large-scale compromise could put affected customers at serious risk of fraud and identity theft.

According to the threat actor’s forum post, the breached database includes personally identifiable information such as full names, phone numbers, and email addresses.

Complete delivery addresses are also part of the leak. In addition to contact details, the file contains payment method data, exchange rate information used in transactions, and full records of ordered items with quantities and unit prices.

The combination of personal and financial details could enable highly targeted phishing campaigns and sophisticated scams that leverage order history and genuine customer information to convince victims to share even more sensitive data.

Discord Data Breach Exposes 1.5 TB of Data and 2 Million Government ID Photos

The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification.

Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos.

However, Discord disputes these figures, stating that approximately 70,000 users had their ID photos exposed during the September 20, 2025 incident.

The breach did not directly target Discord’s infrastructure but instead compromised customer support systems managed by Zendesk, a third-party vendor.

Attackers gained unauthorized access for 58 hours by compromising the account of a support agent employed by an outsourced business process provider.

The notorious cybercrime group Scattered Lapsus$ Hunters (SLH) has claimed responsibility for the attack, publicly taunting Discord while demanding ransom payment.

The stolen information primarily affects users who previously contacted Discord’s Customer Support or Trust & Safety teams.

Compromised data includes user names, Discord usernames, email addresses, and limited billing information such as payment methods and the last four digits of credit card numbers. Additionally, customer service message exchanges and user IP addresses were exposed.

The most concerning aspect involves the theft of government identification images, including driver’s licenses and passports, submitted by users appealing age-related account restrictions.

While attackers claim to possess 2,185,151 ID photos affecting 5.5 million users across 8.4 million support tickets, Discord maintains these figures are inflated as part of the extortion scheme.

Discord has refused to pay the demanded ransom and immediately terminated its partnership with the compromised vendor upon discovering the breach.

BK Technologies Data Breach, IT Systems Compromised, Data Stolen

BK Technologies Corporation, a Florida-based communications equipment manufacturer, disclosed a significant cybersecurity incident that compromised its IT systems and potentially exposed employee data.

The company filed an SEC Form 8-K on October 6, 2025, revealing that attackers gained unauthorized access to sensitive information in late September.

The cyberattack was first detected on September 20, 2025, when BK Technologies identified suspicious activity within its information technology infrastructure.

Upon discovery, the company immediately launched containment procedures, isolating affected systems and engaging external cybersecurity experts to investigate the incident.

The Nevada-based corporation, which trades on NYSE American under ticker symbol BKTI, acted swiftly to prevent further unauthorized access and began comprehensive remediation efforts.

The investigation revealed that an unauthorized third party successfully infiltrated the company’s network and acquired access to non-public information.

Massive Tata Motors Data Leak Exposes 70+ TB of Sensitive Information

Tata Motors, India’s largest automaker and a major player in the global automotive industry, suffered a catastrophic data exposure that revealed over 70 terabytes of sensitive information through multiple security failures.

The breaches, discovered in 2023, involved exposed AWS credentials on public-facing websites, encrypted keys that were easily decrypted, a Tableau backdoor with zero authentication requirements, and an unprotected API key from fleet management systems.

Each vulnerability independently posed serious risks, but together they created a perfect storm that could have allowed attackers to access customer databases, financial records, invoice data, fleet information spanning decades, and critical administrative systems.

The first critical vulnerability emerged from E-Dukaan, Tata Motors’ spare parts e-commerce platform. Security researchers discovered plaintext AWS access keys hardcoded directly in the website’s source code.
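Plaintext AWS keys in shipped web source are caught by secret scanning long before a researcher finds them, provided the check runs on the build output rather than only on the repository. The following is an added example, not code from the original post or from the researchers' report: a scanner that walks page source for AWS access key IDs and for secret keys sitting next to a recognisable configuration name, and redacts what it finds so the report itself does not leak the credential. The sample source is constructed for this example, and its key values are the placeholder credentials from AWS's own documentation, not real secrets.

```python
import re
import sys

# Constructed page source in the shape of the finding: a credential pair embedded in
# client-side JavaScript. The values are AWS's documented placeholder credentials.
SAMPLE_SOURCE = """
<script>
  var region = "ap-south-1";
  var accessKeyId = "AKIAIOSFODNN7EXAMPLE";
  var secretAccessKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
  AWS.config.update({accessKeyId: accessKeyId, secretAccessKey: secretAccessKey});
</script>
"""

# Long-term (AKIA) and temporary (ASIA) access key IDs: prefix plus 16 upper-case
# alphanumerics, bounded so longer tokens are not split into false matches.
ACCESS_KEY_RE = re.compile(r"(?<![A-Za-z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Za-z0-9])")

# A bare 40-character string matches far too much, so secret keys are only reported
# when they are assigned to a name that looks like an AWS secret key setting.
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws_?secret_?access_?key|secret_?access_?key|aws_?secret)"
    r"""\s*[:=]\s*["']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"""
)


def redact(value):
    """Keep just enough of a credential to identify it in a report."""
    return value[:4] + "..." + value[-4:]


def find_aws_credentials(text):
    """Return findings as dicts with the line number, kind and redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"line": lineno, "kind": "access_key_id",
                             "value": redact(m.group(0))})
        for m in SECRET_KEY_RE.finditer(line):
            findings.append({"line": lineno, "kind": "secret_access_key",
                             "value": redact(m.group(1))})
    return findings


def has_hardcoded_credentials(text):
    """Gate for a build step: True if anything credential-like was found."""
    return bool(find_aws_credentials(text))


if __name__ == "__main__":
    # Usage: python scan.py file.html ... ; with no arguments the sample is scanned.
    sources = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in sys.argv[1:]] \
        or [("<sample>", SAMPLE_SOURCE)]
    for name, text in sources:
        for f in find_aws_credentials(text):
            print(f"{name}:{f['line']}: {f['kind']} {f['value']}")
```

Running the scanner over the built site (not only the source tree) catches keys injected by templating or bundling steps; a non-empty result should fail the deployment, and any key it reports should be rotated, since a key that reached a public page has to be treated as already exposed.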

The security issues were reported to Tata Motors through India’s Computer Emergency Response Team (CERT-IN) on August 8, 2023, but remediation proved frustratingly slow.

While Tata Motors acknowledged receipt and claimed remediation by September 1, follow-up verification revealed that only 2 out of 4 issues had been addressed and AWS keys remained active on both websites.

It took until January 2024 for the company to fully revoke the exposed credentials after months of back-and-forth communication clarifying specific remediation steps.

These vulnerabilities demonstrated that even major international corporations can succumb to fundamental security mistakes like hardcoding credentials, using pointless client-side encryption, and implementing authentication systems with serious logical flaws.

For customers purchasing vehicles from Tata Motors, these breaches raised serious questions about data protection standards at major automotive organizations.

Hyundai AutoEver Confirms Data Breach Exposing Personal Data, Including SSNs and License Info

