Saint Paul City Council Extends Local State of Emergency to Respond to Digital Security Incident
Article Link: https://www.stpaul.gov/news/saint-paul-city-council-extends-local-state-emergency-respond-digital-security-incident
- The Saint Paul City Council voted unanimously on August 1 to extend Mayor Melvin Carter’s local state of emergency for 90 days in response to an ongoing digital security incident. This state of emergency enables rapid mobilization of local, state, and federal resources.
- The extension enables a thorough forensic investigation and continuity of essential city services. The incident was detected as suspicious activity on the internal network Friday, July 25.
- At the request of Mayor Carter, Governor Tim Walz issued an executive order activating the Minnesota National Guard’s cyber protection teams. Saint Paul has maintained public safety, ensured on-time employee payments, and restored many customer service lines.
- This event highlights the importance of swift municipal response to digital incidents for continuity of public services. Other municipalities must establish clear intergovernmental collaboration plans.
The Healthcare Industry Is at a Cybersecurity Crossroads
Article Link: https://www.csoonline.com/article/4026877/the-healthcare-industry-is-at-a-cybersecurity-crossroads.html
- The healthcare industry faces a crossroads, becoming an accessible target due to evolving models, rapid technology integration, and staff shortages. Despite vast US healthcare spending, hospital operating margins remain narrow (less than 5% in 2024), creating a complex security landscape.
- Technology transformations are reshaping the sector, including extensive digital processes, widespread AI adoption, and massive data generation on the order of exabytes per year, 90% of which is considered sensitive. This transformation expands the attack surface, introducing new vulnerabilities.
- Existing security issues are severe; 2024 saw 276.7 million patient records compromised, affecting over 80% of the US population. The Change Healthcare ransomware attack alone impacted 190 million individuals. New technologies like IoMT (Internet of Medical Things) devices, with inherent flaws, could worsen these risks.
- CISOs must lead AI governance, gauge staffing and budget needs, and address attack surface management. Data security, including discovery, classification, and AI model integrity, is paramount. Adopting a “threat-informed defense” to understand adversary tactics provides guidance.
Third of Exploited Vulnerabilities Weaponized Within a Day of Disclosure
Article Link: https://www.infosecurity-magazine.com/news/third-kev-exploited/
- A VulnCheck report for the first half of 2025 indicates nearly one-third (32.1%) of known exploited vulnerabilities were weaponized before or within 24 hours of disclosure. This represents an 8.5% increase from 2024 figures. VulnCheck added 432 new entries to its Known Exploited Vulnerabilities catalog during this period.
- Threat actors are accelerating their exploitation efforts, showing a growing reliance on zero-day attacks. Prominent categories for these rapidly exploited flaws include Content Management Systems (86 entries), network edge devices (77 entries), and server software (61 entries). This quick weaponization compresses the available defense window for organizations.
- Microsoft, with 32 CVEs, ranked as the most targeted vendor, closely followed by Cisco with 10 CVEs. Hardware vulnerabilities also experienced a noticeable rise. While Chinese and North Korean state-linked groups showed decreased activity, Russian and Iranian actors notably increased their exploitation endeavors.
- Organizations must swiftly address emerging threats. It becomes paramount to rapidly apply available patches and remain informed on evolving adversary tactics, particularly regarding shifts in state-linked group activities. Prompt intelligence consumption assists organizations in lessening exposure to newly weaponized vulnerabilities.
- VulnCheck report: https://www.vulncheck.com/blog/state-of-exploitation-1h-2025
Microsoft’s Recall Feature Under Scrutiny as Brave and AdGuard Join Signal in Blocking Screenshot Access
Article Link: https://www.ainvest.com/news/microsoft-recall-feature-scrutiny-brave-adguard-join-signal-blocking-screenshot-access-2507/
- Brave and AdGuard now block Microsoft’s Recall screenshot-capturing feature by default due to privacy concerns. Brave will block it on Windows 11 and newer systems.
- Recall captures full-screen screenshots on Copilot Plus PCs every few seconds, storing them in a plaintext database. This raises concerns about sensitive data, including private chats and browsing history. Brave’s method extends private browsing protections to all tabs.
- Introduced in May 2024, Recall faced immediate criticism for exploitation potential. Brave’s solution allows regular screenshots while specifically blocking Recall, unlike Signal’s approach.
- This move establishes new standards for browser-level protection against operating system surveillance. It demonstrates a principled commitment to user privacy, offering a template for safeguarding users while preserving functionality.
Critical Flaw in Vibe-Coding Platform Base44 Exposes Apps
Article Link: https://www.darkreading.com/application-security/critical-flaw-vibe-coding-base44-exposed-apps
- Researchers at Wiz discovered a now-patched authentication flaw in Base44, an AI-powered vibe-coding platform. This vulnerability granted unauthorized users open access to any private application. Wix, Base44’s acquirer, addressed the issue and updated its authentication controls.
- The flaw stemmed from Base44 inadvertently exposing parts of its user registration and one-time password verification systems. Easily discoverable app IDs allowed attackers to register accounts for apps they did not own, bypassing single sign-on.
- This put potentially thousands of enterprise applications at risk, including chatbots and those with sensitive user data. While no evidence of prior exploitation exists, the low barrier to entry allowed systematic compromise.
- “Vibe coding” platforms democratize software development but introduce new security risks and new attack surfaces. Organizations must prioritize fundamental controls like proper authentication and secure API design.
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Article Link: https://thehackernews.com/2025/07/apple-patches-safari-vulnerability-also.html
- Apple issued security updates fixing CVE-2025-6558, a vulnerability also exploited as a zero-day in Google Chrome. This flaw involves incorrect input validation in the browser's ANGLE and GPU components. Updates were released Tuesday for Apple software.
- The vulnerability enables a sandbox escape via a crafted HTML page. Google confirms an exploit exists, discovered by its Threat Analysis Group. It affects Apple’s WebKit engine, potentially causing Safari to crash from malicious web content.
- This open-source vulnerability impacts numerous Apple devices. Patches cover iOS 18.6, iPadOS 18.6/17.7.9, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, and visionOS 2.6. These updates span iPhones, iPads, Macs, and other Apple hardware.
- No evidence shows this flaw specifically targeted Apple device users. However, updating to the latest software versions is a good practice. This action assists in maintaining optimal device protection from potential exploitation.
Hundreds of Registered Data Brokers Ignore User Requests Around Personal Data
Article Link: https://cyberscoop.com/data-brokers-california-ccpa-non-compliance-privacy/
- A UC Irvine study reveals widespread non-compliance by California data brokers regarding user data requests. Researchers contacted 543 registered companies under the California Privacy Protection Act by making a Verifiable Consumer Request; 43 percent of these companies failed to respond.
- The brokers who did respond often created hurdles: they lacked standardized request processes, imposed inconsistent identity verification, and deliberately made the request process more difficult. This created a “privacy paradox,” requiring users to provide more personal data to limit its exposure.
- Experts argue regulators ought to strengthen enforcement of current privacy laws. Critics note the irony: brokers selling data broadly become strict when users attempt to opt out, creating friction to deter requests.
- Consumers ought to be aware of these challenges when seeking data control. Regulators ought to standardize request processes and increase enforcement to promote greater accountability and improved consumer data protection.
- UC Irvine study: https://arxiv.org/pdf/2506.21914
Research Shows Data Breach Costs Have Reached an All-Time High
Article Link: https://cyberscoop.com/ibm-cost-data-breach-2025/
- IBM’s 20th annual Cost of a Data Breach Report, released Wednesday, shows U.S. companies facing an all-time high average cost of $10.22 million per breach in 2025. Conversely, the global average cost declined 9% to $4.44 million, the first global drop in five years.
- In the U.S., higher regulatory fines and detection and escalation costs drive up breach costs. Globally, shorter breach identification and containment times, at a nine-year low of 241 days, help reduce overall costs. Faster detection correlates with reduced breach impact.
- Healthcare remained the most impacted industry for the 14th consecutive year at $7.42 million. Malicious activities caused 51% of breaches, with phishing as the most common initial access vector. 13% of organizations experienced breaches involving AI models.
- Nearly two-thirds of organizations are still recovering from breaches. Organizations increasingly refuse ransom demands. Many lack AI governance policies; developing these and prioritizing rapid detection become essential for mitigating emerging AI security attacks.
- IBM report: https://www.ibm.com/reports/data-breach
