
Snapshot Summary
Sector / Section | Headline Highlights | Count |
---|---|---|
DFIR & Incident Response | No new breach analysis reported | 0 |
Cyber Investigations | No major forensic probes updated | 0 |
Major Cyber Incidents | Irish resort hit by ransomware | 1 |
Exploits & Threat Intelligence | APT41 spoofing, CVE exploit live | 3 |
Law Enforcement | No new arrests reported | 0 |
Policy | WIMWAG bill advances in Congress | 1 |
Standards & Compliance | No updates | 0 |
DFIR & Incident Response
No new DFIR disclosures reported in the last 48 hours.
Major Cyber Incidents
Ransomware attack disrupts K Club ahead of Irish Open — The K Club in County Kildare suffered a ransomware breach by a group calling itself SafePay, which exfiltrated sensitive financial and IT records just days before the venue hosted a major golf tournament (06-09-2025) [EU]. The attackers demanded a ransom based on annual revenue, and Ireland’s Data Protection Commission has launched a formal inquiry. (Source: The Times, 06-09-2025).
Exploits & Threat Intelligence
Chinese-linked hackers impersonated U.S. lawmaker for spyware delivery — APT41 spoofed Rep. John Moolenaar to deliver spyware to U.S. trade groups ahead of international negotiations in Sweden (06-09-2025) [Global]. The operation aimed to access confidential sanctions drafts and is under investigation by the FBI and Capitol Police. (Source: WSJ, 06-09-2025).
Critical Sitecore vulnerability actively exploited — CISA warned that CVE-2025-53690, a remote code execution flaw in Sitecore, is being actively exploited across multiple deployments (07-09-2025) [Global]. Urgent patching is advised to mitigate this high-severity threat affecting enterprise content systems. (Source: The Hacker News, 07-09-2025).
New CastleRAT malware deployed by cyber-mercenary group TAG‑150 — TAG‑150, a known MaaS group, has launched a new RAT named CastleRAT, enabling highly modular remote access operations (07-09-2025) [Global]. Analysts warn this indicates that sophisticated tooling is becoming more accessible to less skilled actors. (Source: DarkReading, 07-09-2025).
Policy
CISA renewal bill (WIMWAG) advances in U.S. House — Lawmakers advanced the Widespread Information Management for the Welfare of Infrastructure and Government (WIMWAG) Act to extend CISA protections through 2035 (06-09-2025) [US]. The bill includes new privacy provisions but faces Senate pushback over censorship concerns. (Source: WSJ, 06-09-2025).
Editorial Perspective
Over the past 48 hours, the cybersecurity landscape revealed a surge in targeted state-aligned espionage and the active exploitation of enterprise software vulnerabilities.
While DFIR case studies were absent, the ransomware incident at the K Club reminds practitioners of the enduring risk to high-profile venues and events, especially those without robust VPN segmentation.
APT41's impersonation tactics show that even political figures are now leveraged in phishing lures—a technique likely to increase ahead of major geopolitical negotiations.
Tags
DFIR, ransomware, APT41, CastleRAT, WIMWAG, CVE-2025-53690, threat intelligence, cyber legislation