What happened this week in the hacking world? (Week 32/2025)

August 14, 2025

US Court System Hacked – Witness Information Compromised

A targeted attack on PACER, the electronic case management system of the US federal court system, has led to a potential data leak. Particularly critical: alongside internal documents, information about protected witnesses may also have become public. Initial analyses suggest a state-sponsored hacking group.
🔗 Politico: Federal court filing system hit in sweeping hack

Data Leak at Air France & KLM via Third-Party Tool

Attackers were able to access frequent flyer data such as names, email addresses, and bonus numbers through a compromised customer service tool. While credit card or travel data were not affected, the incident underscores the importance of secure third-party management.
🔗 SecurityWeek: Hackers Accessed Air France-KLM Customer Data

New Exchange Vulnerability (CVE-2025-53786) Poses Risk to Hybrid Environments

Microsoft warns of a critical vulnerability in on-premises Exchange servers that allows privilege escalation in hybrid configurations. Administrators should check whether their systems are properly secured and patched.
🔗 SecurityWeek: Exchange flaw in hybrid setups

PXA Stealer: New Linux Malware Targets Passwords and Payment Data

A new Python-based infostealer threatens Linux systems and systematically extracts browser data, logins, and wallet information. The malware is currently being traded in underground forums and actively tested in campaigns.
🔗 Cybersecurity Review: PXA Stealer for Linux

AI Outperforms Humans in Red Teaming: Claude from Anthropic Impresses in CTFs

In recent Capture-the-Flag simulations, the AI model "Claude" from Anthropic demonstrated that it can surpass human red teams in analysis speed and pattern recognition. Concurrently, Microsoft announced "Project Ire", an autonomous AI tool for malware detection.
🔗 Axios: Anthropic's Claude outperforms humans in hacking challenges

Those Who Are Prepared Are Safe

This week’s events show that threats are becoming increasingly interconnected, multifaceted, and technologically sophisticated. Particularly noticeable are the attack surfaces created by third parties, cloud platforms, and hybrid IT infrastructures, which are often underestimated but highly critical.

With penetration tests, risk analyses, and awareness measures (e.g., phishing and ransomware simulations), we support companies in identifying such vulnerabilities early and securing them effectively.

Do you want to put your security strategy to the test?
Book your free initial consultation now – you can find the link in the first comment.

© 2024 Schönbrunn TASC GmbH
Schönbrunn TASC GmbH
Riedwiesenstraße 1, 71229 Leonberg