What's New at UpGuard: July 2025
In this month's newsletter:
PS: This is the last edition of “What’s New at UpGuard,” but we've got exciting updates starting soon! Get ready for an all-new series of newsletters launching next month, packed with the latest from UpGuard and key industry insights. Stay tuned on our website and social media for updates—coming soon!
Security News Roundup
🇦🇺 Australia | Cybersecurity Dive | Transportation
Qantas confirmed that a vendor breach exposed data of 5.7 million passengers. Exposed records include names, email addresses, frequent-flyer numbers, and, for some, personal details such as birth dates and contact information.
🇺🇸 United States | Security Week | Government
The State Department is warning U.S. diplomats of attempts to impersonate Secretary of State Marco Rubio and possibly other officials using technology driven by artificial intelligence, according to two senior officials and a cable sent last week to all embassies and consulates.
🌎 Global | Bleeping Computer | Vulnerabilities
A new tapjacking technique, TapTrap, exploits Android UI animations to bypass permissions and access sensitive data or cause harmful actions. Unlike traditional methods, TapTrap works even in zero-permission apps and remains unaddressed in Android 15 and 16.
UpGuard Research
Following Asana's recent disclosure of a bug in its Model Context Protocol (MCP) server, UpGuard's research team analyzed the potential impact. This incident, while not an external hack, highlights the complex risks of third-party AI integrations and how they can lead to cross-account data exposure. Check out the full report to learn more about what happened—and key takeaways for managing your own software supply chain.
As teams build the next wave of AI applications, new attack surfaces are emerging. UpGuard Research investigated public-facing Chroma databases—a popular open-source tool for AI—and found that a significant number lack basic authentication. See our findings on how these misconfigurations can lead to sensitive data leaks and what you can do to secure your AI stack.
Company Highlights
In cybersecurity, trust is earned through results. For the third consecutive year, UpGuard has been named the top Third-Party & Supplier Risk Management solution in G2’s Summer 2025 Report—an honor awarded by security leaders who depend on us daily to manage complex risk. See the full report to find out why users trust us to help them build world-class vendor risk programs.
Whether you're new to UpGuard or want a refresher on our full capabilities, our weekly live deep dive is for you. Join us for a 30-minute interactive walkthrough of our platform's most powerful features, followed by an open Q&A with our product specialists. It’s the perfect opportunity to get your specific questions answered.
Planning on attending Black Hat? Be sure to drop by Booth #1961 to hear the latest on our products and what's coming soon. Grab a tasty mid afternoon snack with our catered popcorn service, or play a round of Jeopardy! Looking for something fun to do after the expo hall closes? Join us at Franklin Lounge for an exclusive reception—RSVP here!
New Cybersecurity Blogs