From AI abuse to new ransomware waves, this week’s security stories show that no one—whether a nonprofit, school, healthcare provider, or government agency—is immune from digital threats. We’ve rounded up the most important headlines to help you stay alert, aware, and ready to respond.
AI Chatbots Pose Real-World Risk with Phishing, Malware, and Bad Code
Security researchers warn that public AI chatbots can inadvertently generate phishing links, malicious code, or unsafe downloads when manipulated. This is particularly concerning for organizations that rely on AI tools for internal efficiency or public-facing services.
Read more on Help Net Security
McHire AI Hiring Tool Exposes McDonald’s Job Seekers’ Data
A leak in McDonald’s AI-powered hiring tool exposed the personal data of job applicants. Organizations leveraging automated systems for HR and outreach must ensure their vendors meet privacy and security standards.
Read more on HackRead
How to Help Seniors Avoid Online Scams
SANS’ latest OUCH! newsletter offers practical tips for educating and protecting seniors from increasingly sophisticated cyber scams. Hope-based groups and nonprofits supporting older adults should consider integrating this guidance into outreach programs. Read more on SANS OUCH!
AI Impersonator Poses as Senator Rubio in Foreign Calls
An AI-generated voice impersonating Senator Marco Rubio was used to contact U.S. and foreign officials. This tactic demonstrates how generative AI is being weaponized for influence campaigns, with potential ramifications for nonprofits involved in policy advocacy or civic engagement.
Read more on SecurityWeek
Health Data Breach Impacts 263,000 at Esse Health
A cyberattack on Esse Health exposed data from over a quarter-million individuals. Healthcare-focused organizations should take this as another wake-up call to revisit access controls and data encryption practices.
Read more on SecurityWeek
July Sees Surge in Healthcare Ransomware Attacks
At least seven healthcare providers faced ransomware attacks in early July, affecting patient care and data integrity. Nonprofit clinics and service providers are strongly encouraged to test backup systems and implement multi-layered defenses.
Read more on HIPAA Journal
Glasgow City Council Hit by Cyberattack
A recent cyber incident disrupted digital services in Glasgow, affecting local government operations. Municipal and civic organizations should strengthen email filtering and endpoint protections.
Read more on The Register
Let’s Encrypt Discontinues Expiry Notifications for Certificates
To reduce operational costs and enhance privacy, Let’s Encrypt will no longer send expiration notices. Nonprofits using Let’s Encrypt certificates should implement alternative monitoring methods to avoid unplanned service interruptions.
Read more on BleepingComputer
Forminator WordPress Plugin Vulnerability Affects 400,000+ Sites
A severe vulnerability in the Forminator plugin used by many WordPress sites could allow attackers to gain full control. Churches and small nonprofits relying on WordPress should update immediately.
Read more on SecurityWeek
Microsoft Patch Tuesday: July 2025 Edition
Microsoft released critical security patches for Windows and related products in its July update. Organizations should prioritize patching to protect against known vulnerabilities.
Read more on Krebs on Security
HopeNet reviews a variety of security news sources so you don’t have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers who want to explore certain topics deeper.
If this was shared with you and you would like to receive a copy directly to your email, please sign up for this FREE newsletter at HopeNetCISO.com. Also, check out the Services section of our site for ways we can help! Thanks for reading!