Cybersecurity News: Breaches set for North America, Outlook bug needs Microsoft support, Air Force admits SharePoint issue

In today’s cybersecurity news…

Breach notification letters set to flood North America’s mailboxes

Three companies reported data breaches affecting about 3.7 million North Americans to the Maine Attorney General’s Office. Allianz Life disclosed that 1,497,036 customers’ records, including names, addresses, DOBs, and Social Security numbers, were accessed via a third-party CRM. WestJet confirmed that 1.2 million Americans’ information was exposed in a June cyberattack, while Ohio-based Motility Software Solutions reported that 766,670 individuals’ personal and ID data may have been compromised by ransomware. All three are providing identity protection and credit monitoring to those affected. (The Register)

New bug in classic Outlook only fixed via Microsoft support

Microsoft is investigating a bug causing the classic Outlook client on Windows to crash at launch. The issue affects Microsoft 365 users and can only be resolved by opening a support case through the Microsoft 365 Admin portal, prompting Exchange Online support to apply a service change. Affected users are seeing errors related to authentication concurrency limits. Temporary workarounds include using Outlook Web Access or the new Outlook for Windows. Microsoft is also tracking the problem via Fiddler traces and continues to investigate a permanent fix. (Bleeping Computer)

Air Force admits SharePoint privacy issue over breach

The US Air Force is investigating a “privacy-related issue” tied to Microsoft SharePoint after reports of a breach and a possible service-wide shutdown. An alleged Air Force notice warned that SharePoint systems would be blocked for up to two weeks, though the Air Force has not confirmed services are offline. The incident follows recent SharePoint flaws exploited by Chinese and Russian hackers and ongoing scrutiny of Microsoft’s security lapses in US government systems. (The Register)

New WireTap Attack Extracts Intel Key

Researchers at Georgia Tech and Purdue universities demonstrated WireTap, which can extract Intel SGX attestation keys by intercepting DDR4 memory traffic with a $1,000 interposer device. It undermines SGX’s confidentiality and integrity protections, allowing attackers to impersonate genuine SGX hardware and access sensitive data. Intel said the exploit falls outside its threat model since it requires physical access, advising operators to secure servers physically. (The Hacker News)

Android malware uses VNC to give attackers hands-on access

We know a bit more about the Android banking and RAT trojan called Klopatra, disguised as an IPTV and VPN app, which has infected more than 3,000 devices in Europe. It uses a hidden VNC mode to perform remote actions on infected devices while appearing idle, capturing banking credentials, keystrokes, and cryptocurrency wallet info. Klopatra also abuses Accessibility services for permissions, evades antivirus software, and is actively developed with 40 builds since March 2025. Some researchers link it to a Turkish-speaking cybercrime group. (Bleeping Computer)

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks

OpenSSL released updates patching three vulnerabilities, including one that could let attackers recover private keys on 64-bit ARM systems using the SM2 algorithm. Another flaw could allow code execution or DoS but is considered low-likelihood. A third, lower-severity bug can cause crashes. The OpenSSL Project rated the key-recovery and code execution issues as “moderate” and noted such attacks are rare in TLS contexts, though custom configurations remain at risk. (SecurityWeek)

Seniors targeted in Facebook scam spreading Android malware

ThreatFabric researchers uncovered a global scam campaign using fake Facebook groups for seniors to spread a new Android malware called Datzbro. Posing as dance events and community gatherings, it lures victims into downloading a fake “community app” that installs the malware, often via the Zombinder dropper. Seen active in Australia, Singapore, Malaysia, Canada, South Africa and the U.K., Datzbro combines spyware and banking trojan features, enabling device takeover, credential theft, and financial fraud. Its leaked code and Chinese-language strings suggest origins in China. (The Record)

Google Drive for desktop gets AI-powered ransomware detection

Google is rolling out AI-powered ransomware detection in Google Drive for desktop on Windows and macOS. The system pauses file syncing if it detects signs of ransomware, preventing widespread corruption and letting users restore files through Drive’s web interface. The AI engine is trained on millions of ransomware samples, updated via VirusTotal, and adapts to new strains. The feature is enabled by default for most Google Workspace tiers and personal accounts, with restoration tools available to all Drive users. (Bleeping Computer)