Deepfake scams, major data leaks, and corporate device exploits: it’s always a busy scene in cybersecurity, with the bad, the good, and the not so good. While criminals keep finding new ways to deceive users, companies are also raising the bar on protection and vulnerability management.
Let’s take a closer look at the stories.
Brazilian Scammers Used Gisele Bündchen Deepfakes to Defraud Victims
Brazilian authorities have uncovered a criminal ring that used AI to create fake videos of supermodel Gisele Bündchen and other celebrities promoting false investment schemes on Instagram.
A spokesperson for Bündchen’s team told consumers to be careful with ads that use celebrities to promote deals that seem too good to be true and to always confirm such offers.
Police investigations revealed that the group made millions of reais from victims across Brazil. Each scam targeted a different audience and ran through several accounts, which made it hard to spot until financial authorities tracked the suspicious money flow.
What’s the Implication of This?
This incident shows how deepfakes can be used to spread fraud on a large scale. AI-generated videos can mimic real people in a very convincing manner, which is powerful enough to win public trust. When familiar faces endorse fake offers, victims are more likely to respond without verifying.
What You Can Do
- Verify offers directly on the brand or celebrity’s official website or social pages.
- Report suspicious advertisements and monitor your account if you have already made a payment.
Apple Raises Top Bug Bounty Payout to $2 Million
Apple has announced an increase in its bug bounty program, with the top payout now reaching $2 million. Since the program’s creation, Apple has paid over $35 million to researchers who responsibly disclosed vulnerabilities.
The company explained that the payout depends on the severity and quality of the report. The higher amount is meant to reward critical discoveries affecting iOS, macOS, and iCloud systems.
What’s the Implication of This?
This increase is proof of Apple’s commitment to strengthening security through collaboration. By offering higher rewards, the company is encouraging ethical hackers to report vulnerabilities quickly, reducing the risk of those flaws being exploited by attackers.
What You Can Do
- Keep your devices updated so that newly fixed issues are applied automatically.
Qantas Confirms Major Data Breach from Third-Party Vendor
Qantas has confirmed that customer information stolen earlier this year has now been released by hackers onto the internet. The breach affected about 5.7 million customer records. The information was taken from a third-party system used by Qantas's call centers, which is linked to software from Salesforce.
The leaked data included names, phone numbers, frequent flyer details, and travel history, but the company says sensitive financial or passport details were not exposed.
What’s the Implication of This?
A breach of this size can cause long-term damage to both individuals and the organization. Stolen data can lead to identity theft, targeted scams, and financial fraud. Qantas could also face regulatory sanctions and reputational harm.
What You Can Do
- If you have a Qantas account, change your password.
- Keep an eye on your online accounts and financial statements for unusual activity.
Coordinated Attacks Target Cisco, Fortinet, and Palo Alto Devices
Cybersecurity company GreyNoise has reported a coordinated cyber campaign targeting devices from Cisco, Fortinet, and Palo Alto Networks. Attackers were observed engaging in scanning and reconnaissance activities, which included exploiting known vulnerabilities and attempting brute-force logins to gain deeper access into company networks.
The campaign focused on networking devices that manage data traffic between systems. According to researchers, these attacks are well-organized and show that threat actors are focusing on high-value infrastructure. Vendors have released patches and security updates to help organizations reduce the risks.
What’s the Implication of This?
When networking equipment is compromised, attackers can intercept sensitive data, monitor traffic, and launch follow-up attacks within corporate environments. Such breaches often take time to detect and can affect multiple connected systems.
What You Can Do
- Apply all available security patches and firmware updates from your device vendors.
- Limit administrative access to trusted personnel only.
- Monitor network logs for signs of unauthorized activity.
DraftKings Warns of Account Breaches from Credential Stuffing Attacks
Sports betting platform DraftKings has warned users about credential-stuffing attacks in which hackers used leaked passwords from other websites to gain access to customer accounts. As was the case in the major November 2022 incident, some users reported unauthorized withdrawals before their accounts were locked and reset.
The company has contained the attack and advised customers to strengthen their passwords and use multi-factor authentication.
What’s the Implication of This?
Credential stuffing continues to thrive because many users reuse passwords across multiple services. Once hackers obtain a password from one breach, they can test it on several platforms to gain access to new accounts.
What You Can Do
- Review your recent transactions and report suspicious activity immediately.
Avnet Confirms Data Breach but Says Stolen Data Is Unreadable
Global electronics distributor Avnet has suffered a data breach involving unauthorized access to internal systems. While some data was stolen, the company stated that the majority was unreadable without access to Avnet’s proprietary sales tool, which was not compromised.
Avnet reassured customers that their systems remain operational and that no direct impact has been reported. The company continues to investigate and is working with security specialists to strengthen its defenses.
What’s the Implication of This?
Even though the stolen data may be unreadable, the breach highlights the ongoing threat to global supply chains. A single compromise can disrupt operations or expose the data of countless partner companies if the protections of the proprietary format are later bypassed.
What You Can Do
- Check that your own organization’s data exchanges with Avnet remain secure.
- Ensure backups and response plans are up to date in case of indirect exposure.
Simple Habits that Keep You Safe Online
We all saw how tricky these attacks can be, from deepfakes to leaked passwords. The good thing is that you don't need to be a tech genius to fight back. Doing just a few simple things can block most common attacks.
Here are the easy security habits you should get into:
- Make Passwords Unique: Use a different, strong password for every online account; a password manager can make this super easy.
- Turn on "Two-Step Login" (MFA): Even if a criminal gets your password, they still need a code sent to your phone to get in. Always turn this on wherever you can.
- Keep Everything Updated: Those little update reminders for your phone and computer aren't just annoying; they fix security holes. Always update to stay protected.
- Stop and Think: If an email, text, or social media ad seems too good or too urgent, it's probably fake. Take a moment to check the official website yourself before you click on anything.