Parspec has secured $20 million in Series A funding to scale its AI-powered platform that automates quoting, submittals, and product selection for construction distributors. Already adopted by industry giants, Parspec is transforming one of the sector’s most outdated workflows.
UK teens arrested over £300M retail cyberattacks. CISA confirms CitrixBleed 2 is being exploited and demands urgent patching. McDonald’s exposed 64M job applications through its AI hiring tool using default login credentials.
Chamath Palihapitiya is launching 8090, an AI-powered “Software Factory” enabling solo founders to build billion-dollar products without engineering teams. He claims coding roles will soon shift to supervision only, as AI handles full software development from input to deployment.
UK teens arrested over £300M retail cyberattacks. CISA confirms CitrixBleed 2 is being exploited and demands urgent patching. McDonald’s exposed 64M job applications through its AI hiring tool using default login credentials.
Cyber News Centre’s cyber update for 14th July 2025: UK authorities have arrested four suspects, including three teenagers, connected to cyberattacks on major retailers such as M&S and Harrods that caused over £300 million in damages. CISA has confirmed active exploitation of the CitrixBleed 2 vulnerability and issued a 24-hour directive for federal agencies to patch affected Citrix NetScaler systems. Meanwhile in the US, McDonald’s AI-powered hiring platform exposed personal data from 64 million job applications due to the use of default login credentials.
The UK's National Crime Agency (NCA) is the country's lead law enforcement agency for serious and organized crime, including cybercrime investigations. The agency works with international partners to combat threats to national security and economic interests.
Update: The NCA arrested four individuals on Thursday in connection with devastating cyberattacks that hit major UK retailers M&S, Co-op, and Harrods in April and May 2025. The suspects include a 20-year-old woman detained in Staffordshire and three males aged 17-19 arrested in London and the West Midlands, with one being a Latvian national.
Authorities seized electronic devices and are holding the suspects on charges under the Computer Misuse Act, plus blackmail, money laundering, and organized crime group involvement. The attacks, suspected to be linked to the notorious Scattered Spider cybercrime collective, caused extensive disruption with M&S alone facing £300 million in lost profits and some systems remaining offline until October.
Why it Matters: These arrests represent a significant breakthrough in combating sophisticated cybercrime groups that target critical retail infrastructure. The connection to Scattered Spider, known for advanced social engineering tactics and attacks on major organizations like MGM Resorts and Caesars Entertainment, highlights the international scope of modern cyber threats.
The massive financial impact on M&S demonstrates how cyberattacks can threaten business continuity and economic stability. The involvement of teenagers in such sophisticated operations underscores the evolving threat landscape where young individuals can cause hundreds of millions in damages, emphasizing the need for enhanced cybersecurity education and international cooperation in law enforcement.
The Cybersecurity and Infrastructure Security Agency (CISA) is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. CISA works to understand, manage, and reduce risk to the cyber and physical infrastructure Americans rely on every hour of every day.
Update: CISA has confirmed active exploitation of CVE-2025-5777, dubbed "CitrixBleed 2," affecting Citrix NetScaler ADC and Gateway systems. The agency added this critical vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and issued a binding operational directive requiring federal agencies to patch within 24 hours.
The flaw, with a CVSS v4.0 score indicating high severity, allows attackers to bypass multi-factor authentication and hijack user sessions without requiring authentication. Proof-of-concept exploits became publicly available shortly after technical details were disclosed, leading to rapid weaponization by threat actors. The vulnerability affects widely deployed enterprise networking infrastructure used by organizations globally.
Why it Matters: The rapid exploitation of CitrixBleed 2 demonstrates how quickly attackers can weaponize newly disclosed vulnerabilities, particularly those affecting critical network infrastructure. The ability to bypass MFA and hijack sessions makes this vulnerability extremely dangerous for enterprise environments where Citrix systems often serve as gateways to sensitive internal networks.
CISA's emergency directive reflects the severity of the threat to federal systems and critical infrastructure. Organizations using Citrix NetScaler systems face immediate risks of unauthorized access, data theft, and lateral movement within their networks. The 24-hour patching deadline underscores the urgency of addressing this actively exploited vulnerability.
McDonald's Corporation operates over 40,000 restaurants worldwide and processes millions of job applications annually through its AI-powered McHire platform, which uses automated screening and chatbot technology to streamline recruitment.
Update: Cybersecurity researchers discovered that McDonald's McHire AI hiring platform exposed personal data from over 64 million job applications across the United States due to a critical security flaw. The breach occurred because the system used a default administrator username and password combination of "123456," allowing researchers to access live applicant dashboards and extract personally identifiable information through a vulnerable API. The exposure affected job seekers' names, contact information, and application details stored in the AI-powered recruitment system. McDonald's has since secured the platform, but the incident highlights fundamental security failures in AI-driven hiring tools that process sensitive personal data at scale.
Why it Matters: This breach demonstrates how AI systems can amplify security risks when basic protections are overlooked during deployment. The use of default credentials in a system processing millions of applications reveals dangerous gaps in AI security governance, particularly for platforms handling sensitive personal information. The incident affects job seekers who trusted McDonald's with their personal data, potentially exposing them to identity theft and fraud. This case illustrates the broader challenge of securing AI-powered business tools, where rapid deployment often outpaces security considerations, creating massive exposure risks for both companies and individuals.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Czech Republic issues government warning against DeepSeek AI products citing national security concerns. Critical mcp-remote vulnerability affects 437,000+ downloads enabling remote code execution. ZuRu malware targets macOS developers via trojanized Termius app.
Microsoft patches 137 vulnerabilities including critical SPNEGO flaw, SAP addresses record 27 security notes with maximum CVSS 10.0 vulnerability, while 2.3 million users fall victim to sophisticated browser extension hijacking campaign.
Samsung rolled out a critical Galaxy update fixing 38 flaws, including a serious chip vulnerability, while Google issued no Android patches for July. Ingram Micro recovered from a ransomware attack, and Nippon Steel Solutions disclosed a March breach involving stolen corporate data.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
