In a significant move for cybersecurity, Microsoft has announced it will provide free extended security updates for Windows 10 users across the European Economic Area (EEA). This decision comes in response to advocacy from Euroconsumers, a consumer protection organization representing approximately 1.5 million households in Europe and Brazil. The organization has urged Microsoft to reconsider the planned end-of-support date for Windows 10, currently set for October 14, 2025, citing that previous versions like Windows 7 and Windows XP enjoyed support for more than seven years after the introduction of newer systems.
Meanwhile, the saga of a teenage hacker continues to unfold. A 17-year-old, who had previously surrendered to authorities for cyberattacks on Las Vegas casinos, has been released into the custody of his parents following a family court ruling. This young individual is believed to be affiliated with the Scattered Spider group, responsible for breaching the networks of MGM Resorts and Caesars Entertainment, resulting in damages exceeding 0 million. His internet access has been limited to educational purposes, raising questions about whether he retains possession of .8 million in bitcoin linked to the attacks.
In another incident within the gaming sector, Boyd Gaming, a prominent Las Vegas company, has reported a cyberattack that led to the theft of employee data. In a notification to the Securities and Exchange Commission, Boyd Gaming confirmed that information from its internal IT system was compromised, although it reassured stakeholders that the attack did not affect its properties or business operations. The timeline of the attack remains unclear, as does whether ransomware was involved.
Security Vulnerabilities in Technology
On the technical front, researchers from Binarly have issued warnings regarding vulnerabilities in firmware produced by Supermicro, a key player in server and data center hardware. These vulnerabilities in the Baseboard Management Controller could allow attackers to install malicious updates, potentially granting them persistent control over both the BMC system and the main server operating system. This discovery highlights the ongoing challenges in maintaining robust security in hardware systems.
Salesforce has also been in the spotlight due to a critical flaw identified in its Agentforce platform, which is designed for developing AI agents. Cybersecurity experts from Noma Security have revealed that this vulnerability, dubbed ForcedLeak, could enable attackers to extract sensitive data from Salesforce’s CRM tools through indirect prompt injection. With a CVSS score of 9.4, this flaw poses a significant risk to organizations utilizing Salesforce Agentforce with Web-to-Lead functionality enabled.
In a distressing development, Kido International, a preschool and daycare organization, fell victim to a cyberattack by the Radiant Group, resulting in the leak of sensitive information about children and their parents. This breach has been condemned by cybersecurity professionals as particularly egregious, given the vulnerable nature of the affected individuals.
Volvo North America has disclosed a data breach stemming from a ransomware attack on its third-party supplier, Miljödata. This incident, which occurred in August, compromised personal data of Volvo employees and affected numerous other organizations. The ransomware group DataCarry has claimed responsibility for this attack, further complicating the landscape of cybersecurity for businesses reliant on third-party services.
Lastly, a critical flaw has been identified in the ZendTo file transfer application, which could allow authenticated users to manipulate file paths and access sensitive data from the host system. This vulnerability, assigned CVE-2025-34508, underscores the importance of rigorous security measures in software applications.
