MITRE has published the results of this year's ATT&CK Evaluations, which assessed how enterprise cybersecurity solutions fare against attacks by the Scattered Spider hacking group and Chinese state-backed threat operation Mustang Panda, with the former being the organization's first scenario involving cloud-based intrusions, SecurityWeek reports.

The UK's Information Commissioner's Office issued a 1.2 million penalty to password management company LastPass' British subsidiary following a 2022 security breach, reports The Record, a news site by cybersecurity firm Recorded Future.

President Donald Trump has inked an executive order that would prohibit state and local governments from enacting AI regulations amid concerns surrounding its legality, according to NPR.

Alleged Salt Typhoon hackers Yu Yang and Qiu Daibing were claimed by SentinelLabs researcher Dakota Cary to have been part of Cisco's Networking Academy Cup over a decade ago, The Register reports.

Updates have been released by Google to fix three flaws impacting its Chrome browser, one of which has already been used in attacks, according to Security Affairs.

Freedom Chat, a private social messaging app, has patched two security flaws discovered by security researcher Eric Daigle to expose users' phone numbers and PIN codes, TechCrunch reports.

Nearly 1,000 internet-exposed Model Context Protocol servers lacked any authorization controls, with the absence of required OAuth 2.1 implementation driving the proliferation of unprotected MCP deployments, reports SiliconANGLE.

Cybersecurity Dive reports that cybersecurity threats against utility-scale battery energy storage systems have been escalating amid increasing adoption.

Threat actors could stealthily compromise Microsoft accounts through the exploitation of the Azure CLI OAuth app as part of the new ConsentFix attack, which is yet another twist to the ClickFix social engineering technique, according to BleepingComputer.

BleepingComputer reports that at least nine organizations across various sectors have already been targeted by intrusions harnessing a new cryptographic algorithm vulnerability in Gladinet's CentreStack and Triofox offerings, alongside the older local file inclusion bug, tracked as CVE-2025-30406.