Over 29,000 Exchange servers unpatched against high‑severity flaw

Source: BleepingComputer

Over 29 000 Microsoft Exchange servers remain unpatched for CVE‑2025‑53786. This high‑severity flaw enables lateral movement from on‑premises Exchange to Microsoft 365. Shadowserver found more than 7 200 vulnerable U.S. servers; CISA urged organizations to patch immediately.

Link to article 

Initial Access Brokers Selling Bundles, Privileges and More

Source: Data Breach Today

The illicit market for “initial access” to networks is booming. Rapid7 notes an average price of $2 700 per listing, with about 40 % going for $500–$1 000. Group‑IB reports a 15 % year‑over‑year rise in access sales and that North American organizations account for 43 % of stolen‑credential listings.

Link to article

Pediatric Practice, IT Vendor Settle $5.15M Breach Suit

Source: InfoRisk Today

Boston Children’s Health Physicians and vendor ATSG will pay $5.15 million to resolve a class‑action lawsuit over a Sept 2024 data‑theft incident affecting 918 000+ patients and staff. The settlement offers two years of identity‑theft monitoring and up to $5 000 for documented losses.

Link to article

Connex Credit Union Breach Exposes 172,000 Members’ Data

Source: Infosecurity Magazine

A cyber‑attack on Connex Credit Union compromised names, account numbers, debit‑card details and Social Security numbers of about 172 000 members. No fraudulent transactions have surfaced; the credit union offers a year of credit monitoring and warns of imposter scams.

Link to article

Fortinet SSL VPNs Hit by Global Brute‑Force Wave

Source: The Hacker News

GreyNoise detected a surge of brute‑force attacks on Fortinet SSL VPN devices, with more than 780 malicious IPs targeting FortiOS on Aug 3 before shifting to FortiManager on Aug 5. Researchers warn these waves often precede disclosure of new vulnerabilities and stress prompt patching.

Link to article