Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.
RISC-V pioneer SiFive has raised $400M in an oversubscribed Series G led by Atreides Management with Nvidia backing. Valued at $3.65B, the company is expanding into AI data centre CPUs via Nvidia's NVLink Fusion ecosystem.
Anthropic’s rise is no longer about models, but control. As it embeds across enterprise, leaked code reveals deep telemetry, remote overrides and emerging autonomy. Industry leaders warn the same systems reshaping business may amplify cyber risk beyond current defences.
A sophisticated ransomware attack by the INC Ransom group has crippled the OnSolve CodeRED emergency notification platform, impacting hundreds of US municipalities. The incident has forced the permanent decommissioning of the legacy system and exposed the personal data of millions of residents.
Cyber News Centre's cyber update for 25th November 2025: OnSolve, the operator of the widely used CodeRED emergency notification system, has been crippled by a ransomware attack, forcing the platform to be permanently decommissioned.
OnSolve provides the CodeRED mass notification system used by hundreds of municipalities across the United States to send emergency alerts, such as tornado warnings and evacuation notices, directly to residents' phones. The platform is a critical piece of public safety infrastructure for communities nationwide.
The Update: A sophisticated cyberattack has crippled the OnSolve CodeRED emergency notification platform, impacting hundreds of municipalities across the United States and potentially exposing personal information of millions of residents. The incident, which began in early November 2025, has forced OnSolve to permanently decommission its legacy CodeRED infrastructure and migrate customers to a new platform. The INC Ransom group has claimed responsibility for the attack, which they say resulted in the theft of user data including names, addresses, phone numbers, and passwords. In a statement, OnSolve's parent company, Crisis24, confirmed that data was removed from their systems and that it may be leaked.
The company stated, "Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond."
The attack has left many communities without a critical emergency communication tool while they transition to the new system.
Why it Matters: The successful attack on a nationwide emergency alert system highlights a significant and growing threat to critical public safety infrastructure. The compromise of CodeRED demonstrates that even systems designed to protect citizens in moments of crisis are vulnerable to sophisticated ransomware attacks. The potential leak of personal data for millions of people who signed up for these alerts erodes public trust in government-provided services. This incident forces a difficult conversation about the security of third-party vendors that provide critical services to government agencies and the cascading impact these breaches can have on public safety and personal privacy.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.
Anthropic’s rapid push into enterprise AI and its $30B raise signal a new phase where autonomous systems drive both productivity and cyber risk. As AI executes tasks at machine speed, markets, governments and workers face a sharper question: who controls the systems now shaping outcomes.
Zero‑day bugs in high‑privilege edge and security tools are being weaponised faster than organisations can patch, compressing response windows for Asia–Pacific defenders and turning shared enterprise stacks into a regional blast radius for attack.
Iran’s confrontation with the US and Israel is playing out as a rolling cyber campaign, with Iran aligned and proxy groups running noisy DDoS, defacement and hack and leak attacks on banks, telecoms and government targets, while active Chrome zero days give attackers fresh options.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
