Australian car rental insurer Prosura has suffered a major data breach, exposing the personal and policy information of an estimated 300,000 customers. Attackers are now selling the stolen data identity data on a public forum after the company reportedly failed to meet their demands.
Spangle AI, a startup founded by former Amazon and Bolt executives, has raised $15 million in a Series A round to build an agentic infrastructure for ecommerce. The platform connects AI-driven product discovery with real-time conversion.
Instagram is denying a system breach after data from 17.5 million accounts was leaked online and users were hit with a wave of password reset emails. Meta says it fixed a bug causing the email spam, but the leaked data, though likely old, still poses a significant phishing risk to users.
A sophisticated ransomware attack by the INC Ransom group has crippled the OnSolve CodeRED emergency notification platform, impacting hundreds of US municipalities. The incident has forced the permanent decommissioning of the legacy system and exposed the personal data of millions of residents.
Cyber News Centre's cyber update for 25th November 2025: OnSolve, the operator of the widely used CodeRED emergency notification system, has been crippled by a ransomware attack, forcing the platform to be permanently decommissioned.
OnSolve provides the CodeRED mass notification system used by hundreds of municipalities across the United States to send emergency alerts, such as tornado warnings and evacuation notices, directly to residents' phones. The platform is a critical piece of public safety infrastructure for communities nationwide.
The Update: A sophisticated cyberattack has crippled the OnSolve CodeRED emergency notification platform, impacting hundreds of municipalities across the United States and potentially exposing personal information of millions of residents. The incident, which began in early November 2025, has forced OnSolve to permanently decommission its legacy CodeRED infrastructure and migrate customers to a new platform. The INC Ransom group has claimed responsibility for the attack, which they say resulted in the theft of user data including names, addresses, phone numbers, and passwords. In a statement, OnSolve's parent company, Crisis24, confirmed that data was removed from their systems and that it may be leaked.
The company stated, "Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond."
The attack has left many communities without a critical emergency communication tool while they transition to the new system.
Why it Matters: The successful attack on a nationwide emergency alert system highlights a significant and growing threat to critical public safety infrastructure. The compromise of CodeRED demonstrates that even systems designed to protect citizens in moments of crisis are vulnerable to sophisticated ransomware attacks. The potential leak of personal data for millions of people who signed up for these alerts erodes public trust in government-provided services. This incident forces a difficult conversation about the security of third-party vendors that provide critical services to government agencies and the cascading impact these breaches can have on public safety and personal privacy.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Australian car rental insurer Prosura has suffered a major data breach, exposing the personal and policy information of an estimated 300,000 customers. Attackers are now selling the stolen data identity data on a public forum after the company reportedly failed to meet their demands.
Instagram is denying a system breach after data from 17.5 million accounts was leaked online and users were hit with a wave of password reset emails. Meta says it fixed a bug causing the email spam, but the leaked data, though likely old, still poses a significant phishing risk to users.
A sophisticated Chinese-speaking threat actor has been caught exploiting a trio of VMware ESXi zero-day vulnerabilities, allowing them to escape virtual machines and gain full control of the underlying hypervisor.
Gulshan Management Services, a Texas-based operator of ~150 gas stations, has disclosed a major data breach affecting over 377,000 individuals. The breach, resulting from a phishing attack that led to a ransomware infection, exposed highly sensitive personal and financial information.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
