PBS confirms data breach after employee info leaked on Discord servers
PBS confirmed a data breach after a file containing contact info for nearly 4,000 employees and affiliates was leaked on Discord servers tied to “PBS Kids” fan communities. The data included names, job titles, emails, departments, and supervisors. PBS says the breach came from its internal MyPBS.org platform and that no other systems were affected.
TSMC fires engineers over suspected semiconductor secrets theft
TSMC fired two engineers suspected of stealing 2nm chip trade secrets in the first-ever case under Taiwan’s National Security Act. A third suspect was also arrested. The company detected the breach via internal monitoring and alerted prosecutors. TSMC makes more than 90% of the world’s sub-5nm chips and says its advanced tech is too complex for any small group to fully steal.
Cloudflare on Perplexity web scraping techniques to avoid robot.txt and network blocks
Cloudflare alleges that Perplexity has been bypassing website restrictions by using stealth crawlers that ignore or evade robots.txt files and declared IPs. Tests show Perplexity accesses restricted content using user agents that mimic Chrome browsers and rotate IP addresses, making it difficult for site owners to block them. Cloudflare has de-listed Perplexity as a verified bot and updated its managed rules to block this type of behavior going forward.
Flaw in Broadcom chip used in Dell laptop security firmware
Cisco Talos researchers say a security flaw in Broadcom chips used in more than 100 Dell laptop models could have let attackers steal sensitive data and maintain access even after a clean OS install. The vulnerability is tied to Dell’s ControlVault firmware and affected machines common in cybersecurity and government environments. Dell patched the issue earlier this year and published an advisory in June..
(Reuters)
Huge thanks to our sponsor, ThreatLocker
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
IANS study finds lowest cybersecurity budget growth in 5 years
According to a new IANS and Artico report, cybersecurity budgets grew 4% in 2025, down from 8% in 2024, Only 47% of CISOs saw budget increases, and team growth dropped to a four-year low of 7%. Nearly 90% of CISOs said their teams are understaffed due to hiring and budget constraints. Budget slowdowns were sharpest in healthcare and retail sects.
Google’s Big Sleep finds 20 flaws in open source projects
Google’s AI bug hunter called Big Sleep was developed by DeepMind and Project Zero, and identified 20 security flaws in popular open source software including FFmpeg and ImageMagick. Details on the vulnerabilities are still undisclosed pending fixes, but Google says each bug was autonomously discovered and reproduced by the AI, with human review before reporting..
Cisco.com user accounts breached
Cisco disclosed a data breach after a voice phishing attack tricked an employee, letting a threat actor access a third-party CRM system and steal user data from Cisco.com accounts. Exposed information includes names, email addresses, phone numbers, and account metadata, but no passwords, confidential customer data, or product systems appear to be affected. The breach may be linked to the ShinyHunters group behind recent Salesforce-related attacks on major brands like Adidas, Chanel, and LVMH.
Dutch Caribbean islands respond to cyberattacks on courts, tax departments
Multiple Dutch Caribbean islands—including Curaçao, Aruba, and Sint Maarten—are recovering from a wave of cyberattacks targeting government services. Curaçao’s Tax Office suffered a ransomware attack on July 24th, disrupting operations for weeks. The Joint Court of Justice serving multiple islands was also hit, losing email access and facing shutdowns. Aruba’s parliament confirmed a separate email breach tied to phishing. Experts warn these incidents may be linked to a Citrix vulnerability flagged by Dutch authorities.
SonicWall urges admins to disable SSLVPN amid rising attacks
SonicWall is urging customers to disable SSLVPN services on Gen 7 firewalls amid reports that ransomware gangs like Akira are exploiting a likely zero-day vulnerability. Researchers from Arctic Wolf and Huntress say attackers are bypassing MFA and gaining domain controller access within hours of intrusion. SonicWall hasn’t officially confirmed the flaw, but this follows a separate recent warning to patch SMA 100 appliances against a critical RCE vulnerability. (Bleeping Computer)
