📰 Headlines
Unpatched Vulnerability Lets Hackers Remotely Brake US Trains
A vulnerability in 1980s-era train devices allows attackers to “send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train,” CISA has warned. The flaw, which can be exploited using sub-$500 hardware, was discovered in 2012 but was dismissed as theoretical, security researcher Neil Smith wrote in a recent post on X. 🔗
Researchers Reveal “McHire” Recruitment Platform Vulnerabilities
Vulnerabilities found in the McDonald’s chatbot recruitment platform “McHire” allowed security researchers to “retrieve the personal data of more than 64 million applicants”. Ian Carroll and Sam Curry identified two issues: default credentials accepted by the admin interface, and an insecure direct object reference (IDOR). The issues were disclosed and have now been resolved. 🔗
Iran-Linked Hackers Escalate Cyber Assaults On US Critical Infrastructure
Iran-affiliated APTs have intensified attacks against US infrastructure since the Israel-Iran conflict began, targeting at least 10 US firms primarily in transportation and manufacturing, according to Nozomi Networks research. 🔗
🎣 Threats & APTs
CISA Warns Critical Wing FTP Server Vulnerability As Actively Exploited, Urges Immediate Patching
CISA has added CVE-2025-47812, a critical remote code execution flaw in Wing FTP Server’s web interfaces, to its catalog, scoring it 10/10 for severity and mandating federal agencies patch by August 4th. 🔗
Google Gemini Tricked Into Showing Phishing Messages
Security researchers have discovered a prompt-injection method that tricks Google Gemini’s email summary feature into displaying a warning message hidden in the email that looks like it’s come from Google itself. This could be used to direct users to follow malicious instructions. 🔗
eSIM Flaw In Billions Of Devices Enables Spying And Remote Takeover
A bug in eSIM technology could allow attackers to breach eSIMs, spy on users, and manipulate services. The vulnerability, discovered by Adam Gowdiak, enables the installation of malicious applets without security alerts. While ordinary cybercriminals may struggle to exploit this flaw, nation states could use it for espionage and data theft. 🔗
🚨 Industry News
$300m USD Liquidity Fund Launched For Cybersecurity Startups
Cyberstarts, a cybersecurity-focused early-stage venture capital firm, has launched a new $300m USD liquidity fund to support employee retention for its portfolio companies, which include industry leaders such as Wiz, Fireblocks, Island, and Cyera. 🔗
Accenture And Microsoft Partnering On GenAI Cybersecurity
Accenture and Microsoft have announced a new co-investment in advanced generative AI cybersecurity solutions to help organizations defend against cyberthreats. Investments include SOC modernization, automated data protection, security mitigation and consolidation, and IAM. 🔗
Zip Security Raises $13.5m In Series A
Zip Security, a security, compliance, and IT automation platform, has raised $13.5 million USD in Series A funding, in a round led by Ballistic Ventures. Zip’s total funding raised is $21 million. 🔗
🏛️ Government & Law
UK Government Launches Vulnerability Research Initiative
The UK’s National Cyber Security Centre (NCSC) has announced a new program to work with external partners from the cybersecurity industry, including on vulnerability research. 🔗
14 Arrested In UK Tax Agency Phishing Attack Investigations
Thirteen Romanian nationals were arrested in a joint investigation between the Romanian Police and HMRC for a phishing scam targeting the tax agency’s customers. 🔗
🔐 Cybersecurity Trends
MITRE Introduces New Framework For Preventing Crypto Threats
Not-for-profit security research and development organization MITRE has launched AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a new framework designed to address vulnerabilities in digital financial systems, including cryptocurrency. 🔗
Cybersecurity Investments Rise In 2025
Investors poured $4.2 billion into cybersecurity firms in Q2 2025 across 100 funding rounds, a 25% jump from $3.4 billion in Q2 2024, according to a new report from Pinpoint Search Group. 🔗
Mobile Phishing Scams On The Rise
Mobile-based phishing scams are impacting nearly 6 in 10 companies, with 77% of organizations facing at least one attack in the last six months, according to a new report from Lookout. 🔗