29th July 2025 Cyber Update: Heart Research Australia Hit by Website Malware and NASCAR Confirms Major Ransomware Breach
Heart Research Australia responds to website malware affecting donation systems while NASCAR confirms Medusa ransomware attack exposed names and Social Security numbers of racing fans in $4 million extortion demand.
Cyber News Centre's cyber update for 29th July 2025: Heart Research Australia has disclosed a cyber incident involving malware on its donation website that may have affected donor devices. Meanwhile, NASCAR has confirmed a major data breach following a Medusa ransomware attack that exposed names and Social Security numbers of racing fans.
1. Heart Research Australia Investigates Website Malware Incident
Heart Research Australia is a leading medical research charity dedicated to funding cardiovascular research across Australia. The organization supports critical research into heart disease prevention, treatment, and cure through public donations and community partnerships.
The Update and Why It Matters
Update: Heart Research Australia announced on July 28, 2025, that it is investigating a cyber incident involving unusual activity on its website that may have affected devices used to make online donations between June 25 and June 30, 2025. The incident was resolved quickly, and the organization has implemented additional security measures to prevent reoccurrence.
Importantly, Heart Research Australia stated it has no indication that any personal data or donations were compromised during this period. The charity has notified relevant government agencies and law enforcement authorities, including the Australian Cyber Security Centre (ACSC) and NSW Police. The organization has begun directly contacting donors believed to be affected, with steps they can take to identify and remove any malware that may have been installed on their devices and to protect their systems.
Why it Matters: This incident highlights the growing threat to Australian charitable organizations and the potential for cybercriminals to target donation systems to distribute malware. The rapid response and transparency demonstrated by Heart Research Australia set a positive example for incident disclosure in the nonprofit sector.
This serves as a reminder for users to maintain updated security software and monitor their devices for unusual activity after visiting websites, particularly during donation processes. The incident also demonstrates how quickly malware can be deployed through compromised websites and the importance of robust website security for organizations handling financial transactions.
2. NASCAR Confirms Data Breach Following Medusa Ransomware Attack
The National Association for Stock Car Auto Racing (NASCAR) is America's premier stock car racing organization, headquartered in Daytona Beach, Florida. Founded in 1948, NASCAR governs stock car racing across the United States, owns 16 major motorsport facilities nationwide, and employs over 8,700 people.
The Update and Why It Matters
Update: NASCAR has confirmed that it suffered a cyberattack and data breach between March 31 and April 3, 2025, which resulted in the theft of personal information including names and Social Security numbers of racing fans. The organization detected the unusual activity on April 3 and immediately launched an investigation with specialized cybersecurity firms while notifying law enforcement.
The Medusa ransomware group claimed responsibility for the attack in April 2025, adding NASCAR to its data leak site and demanding a $4 million ransom with a deadline of April 19. The group claimed to have stolen over one terabyte of data from NASCAR's network. NASCAR began notifying affected individuals on July 24, offering one year of free credit and identity monitoring services through Experian IdentityWorks. The organization has also established a toll-free call center to assist with inquiries related to the incident.
Why it Matters: This breach demonstrates the continued targeting of major American organizations by sophisticated ransomware groups like Medusa, which has previously attacked high-profile victims including Toyota Financial Services and Minneapolis Public Schools. The three-month delay between the attack and public disclosure raises questions about notification timelines and the complexity of determining what data was actually compromised.
For NASCAR's millions of fans, the exposure of Social Security numbers creates significant identity theft risks that could persist for years. The incident highlights how ransomware groups increasingly use double-extortion tactics, stealing data before encryption to maintain leverage even if victims restore from backups. The $4 million ransom demand reflects the scale and sophistication of modern ransomware operations targeting organizations with valuable data and significant revenue streams.