SparTech Software

SAP has addressed two significant vulnerabilities in its Graphical User Interface (SAP GUI) input history feature, affecting both the Windows and Java versions of the client. These flaws, tracked as CVE-2025-0055 and CVE-2025-0056, posed a risk of sensitive data exposure due to insecure local storage of user input history.

Mainline Health Systems, a nonprofit healthcare provider based in Arkansas, disclosed a major data breach affecting 101,104 individuals. The incident occurred on or about April 10, 2024, but was only confirmed after a detailed investigation concluded on May 21, 2025. The breach involved unauthorized access to the organization’s network, resulting in the exposure and potential theft of sensitive personal and health information.

As of June 2025, the U.S. Department of State has introduced a new rule requiring all applicants for F, M, and J nonimmigrant visas to set the privacy settings of their personal social media accounts to “public” before submitting their visa applications. This policy is now in effect globally and impacts students, vocational trainees, and exchange visitors seeking to travel to the United States.

Microsoft has announced it will extend Windows 10 Extended Security Updates (ESU) for an additional year, offering new and more flexible enrollment options for users who wish to keep their devices secure after the official end-of-support date on October 14, 2025.

French authorities have arrested five individuals believed to be operators of the notorious BreachForums hacking forum, a major online marketplace for trading and leaking stolen data. The arrests were carried out by the cybercrime unit (BL2C) of the Paris police department on June 23, 2025, with simultaneous raids conducted in the regions of Hauts-de-Seine (Paris), Seine-Maritime (Normandy), and Réunion (overseas).

A significant gap in Microsoft Entra’s subscription handling allows guest users to create and transfer Azure subscriptions into external tenants they’re invited to while retaining full ownership. This design oversight enables privilege escalation and unauthorized persistence, bypassing standard access controls.

A significant data breach involving thousands of personal records from the Saudi Games, one of the largest national sporting events in Saudi Arabia, was recently disclosed. The breach is attributed to a pro-Iranian hacktivist group known as Cyber Fattah, which announced the leak on June 22, 2025, via its official Telegram channel. The stolen data was published as SQL dumps after unauthorized access to the phpMyAdmin backend of the Saudi Games 2024 registration platform.