Extortion emails name-drop Big Red's E-Business Suite, though Google and Mandiant yet to find proof of any breach Criminals with potential links to the notorious Clop ransomware mob are bombarding Oracle execs with extortion emails, claiming to have stolen sensitive data from Big Red's E-Business Su...

Allianz Life and WestJet lead the way, along with a niche software shop A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.…

‘Phantom Taurus’ created custom malware to hunt secrets across Asia, Africa, and the Middle East Threat-hunters at Palo Alto Networks’ Unit 42 have decided a gang they spotted two years ago is backed by China, after seeing it sling a new variety of malware.…

MCP plus open source plus typosquatting equals trouble A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address.…

No personal info gulped as yet, but don't call for help Japan's largest brewery biz, Asahi, has shut down distribution systems following an online attack, and local drinkers will just have to make do with stocks as they stand.…

Attackers make contact but negotiations fall on deaf ears Luxury London-based retailer Harrods is facing its second cybersecurity scandal in 2025, confirming criminals not only stole 430,000 customers' data in a fresh attack but have even made contact.…

Hundreds of thousands of workers in financial despair supported with landmark loan The UK government is stepping in with financial support for Jaguar Land Rover, providing it with a hefty loan as it continues to battle the fallout from a cyberattack.…

CRM giant denies security shortcomings as claims allege stolen data used for ID theft Updated  Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data.…

Operation Cronos didn’t kill LockBit – it just came back meaner Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi e...

The downstream consequences of Miljödata’s ransomware attack continue to affect major organizations Volvo North America is the latest large organization to announce attackers accessed employee data after a ransomware attack struck its HR system provider.…

CISA gives feds 24 hours to patch, NCSC urges rapid action as flaws linked to ArcaneDoor spies Cybersecurity agencies on both sides of the Atlantic are sounding the alarm over Cisco firewall vulnerabilities that are being exploited by an "advanced threat actor."…

Keeping Pyongyang's coffers full North Korean-linked crews connected to the pervasive IT worker scams have upped their malware game, using more advanced tools, including a backdoor that has much of the same code as Pyongyang's infamous Lazarus Group deploys.…

Images of toddlers and home addresses leaked in reprehensible landmark attack A cyber criminal crew has targeted Kido International, a preschool and daycare organization, leaking sensitive details about its pupils and their parents.…

Supermarket says the hack that shut down systems and emptied shelves has turned profits into losses The Co-operative Group has revealed the cyberattack that knocked its systems offline earlier this year will leave it nursing an £80 million hangover. …

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password The Python Software Foundation warned users of a new string of phishing attacks using a phony Python Package Index (PyPI) website and asking victims to verify their account or face suspensi...

After air passenger travel hit across the Atlantic, organized crime agency strikes The UK's National Crime Agency has arrested a man as part of an investigation into a ransomware attack that disrupted airports around the world last weekend.…

Attackers hit jackpot after targeting Boyd Gaming Hotel and casino operator Boyd Gaming has disclosed a cyberattack to US regulators, warning that hackers may have stolen personal information belonging to employees and other individuals.…

Covid-style financial support? Nothing to confirm yet, say MPs The chair of the UK's business and trade committee says the situation at Jaguar Land Rover is likely to get "harder and harder over the next week or two," but stopped short of confirming that the government might intervene with financial...

Secret Service seizes 300-server network allegedly tied to nation-state hackers The US Secret Service has dismantled a network of SIM farms in and around New York City it claims was behind multiple incidents targeting senior government officials and had enough power to disrupt entire cellular networ...

With no idea when engines restart, families gear down on spending ahead of Christmas Jaguar Land Rover is extending the shutdown of its production plants another week in a move that experts say could cost the business in the multiple billions.…

Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer Suspected Iranian government-backed online attackers have expanded their European cyber ops with fake job portals and new malware targeting organizations in the defense, manufacturing, telecommunications, and aviation sector...

Reeves points finger at Moscow in interview when authorities reckon it's local lads UK chancellor Rachel Reeves is blaming Moscow for Britain's latest cyber woes, an attribution that seems about as solid as wet cardboard given the trail of evidence pointing to attackers much closer to home.…

Not old enough to drink, old enough to be accused of causing millions in damage A teen surrendered to Las Vegas police and was booked on suspicion of breaking into multiple Las Vegas casino networks in 2023, as part of a series of hacks attributed to Scattered Spider.…

Airport staff revert to manual ops as travellers urged to use self-service check-in where possible The EU's cybersecurity agency today confirmed that ransomware is the cause of continued disruption blighting major airports across Europe.…

Automaker insists only names and emails exposed, no financials Car giant Stellantis is admitting that attackers targeted one of its third-party partners, spilling its own customers' details in the process.…

‘Cyber-attack’ on ticketing outfit Collins and cable cuts at Dallas ground hundreds of flights Technology problems hit the commercial aviation industry hard over the weekend, leading to hundreds of cancelled flights and myriad delays on both sides of the Atlantic.…

Unnamed org compromised with two malware sets An unknown attacker has abused a couple of flaws in Ivanti Endpoint Manager Mobile (EPMM) and deployed two sets of malware against an unnamed organization, according to the US Cybersecurity and Infrastructure Security Agency.…

Feds say gift card splurges tied suspect to multimillion-dollar ransomware crew Thalha Jubair, one of the two UK teens arrested on Tuesday and accused of being members of the notorious Scattered Spider cybercrime gang, allegedly played a role in bilking more than 100 organizations out of at least $1...

Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data.…

Three US medical centers fess up to serious breaches Cybercriminals broke in and stole nearly a million Americans' data in the space of a week, in the course of three digital burglaries at healthcare providers.…

Decisive action comes nearly a year after the attack and first arrest took place Two teenagers are set to appear in court today after being charged with offences related to the cyberattack on Transport for London (TfL) in August 2024.…

VC giant rebuilt boxes, patched holes, and says it’s beefed up security – but won’t say who did it Venture capital giant Insight Partners has confirmed that a January ransomware attack compromised the personal data of more than 12,000 people, including employees, former staff, and the firm's u...

As the Trump administration guts efforts to counter election disinfo The Russian troll farm that in the lead-up to the 2024 US presidential election posted a bizarro video claiming Democratic candidate Kamala Harris was a rhino poacher, is back with hundreds of new fake news websites serving up phon...

You didn't really trust the crims to keep their word, did you? Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US ban...

Prosecutors say Conor Fitzpatrick's crimes caused 'incalculable' damage The founder of the popular cybercrime website BreachForums will spend three years in prison after previously being let off with a slap on the wrist.…

Pentesters confirm key system is safe but core products remain unavailable Brit telco Colt Technology Services says its recovery from an August cyberattack might not be completed until late November.…

Redmond names alleged ringleader, claims 5K+ creds stolen and $100k pocketed Microsoft has seized 338 websites associated with RaccoonO365 and identified the leader of the phishing service - Joshua Ogundipe - as part of a larger effort to disrupt what Redmond's Digital Crimes Unit calls the "fastest...

Talk about an inside job Google confirmed that miscreants created a fraudulent account in its Law Enforcement Request System (LERS) portal, which police and other government agencies use to ask for data about Google users.…

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.…

Tech evolved from PoC to global campaign in under two months An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader on Windows machines.…

Latest extension to factory closures takes incident response into fourth week Jaguar Land Rover (JLR) has announced a further extension to its multi-site global shutdown, bringing its cyber-related downtime to nearly four weeks.…

Cautionary tale from the recent SonicWall attacks Failing to encrypt sensitive data leaves you wide open to attack. During the recent SonicWall attack spree, intruders bypassed multi-factor authentication (MFA) in at least one case, because a user's recovery codes were left sitting in a plaintext fi...

Bank says incident went undetected for over a year before discovery in June A US fintech biz is writing to nearly 700,000 customers because a former employee may have accessed or acquired their data after leaving the company.…

Kimsuky gang proves that with the right wording, you can turn generative AI into a counterfeit factory North Korean spies used ChatGPT to generate a fake military ID for use in an espionage campaign against a South Korean defense-related institution, according to new research.…

As post-cyberattack layoffs begin, labor org argues UK goverment should step in The UK's chief automotive workers' union is calling on the government to establish a Covid-esque furlough scheme for the thousands of individuals who face losing their jobs due to the cyber-related downtime at Jaguar Lan...

PLUS: Japan woos Micron, again; China launches chip dumping probe; Mitsubishi expands opsec empire; and more! Asia in Brief  Criminals appear to be moving cyber-scam centers to vulnerable countries.…

UK data watchdog says students behind most education cyberattacks The UK's data protection watchdog says more than half of cyberattacks in schools are caused by students, and that parents should act early to prevent their offspring from falling into the wrong crowds.…

Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and sessio...

FastNetMon says 1.5 Gpps deluge from hijacked routers, IoT kit nearly drowned scrubbing shop A DDoS mitigation provider was given a taste of the poison it tries to prevent, after being smacked by one of the largest packet-rate attacks ever recorded – a 1.5 billion packets per second (1.5 Gpps) flo...

Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping "dangerous, insecure software" that helped cybercrooks cripple one of America's largest hospital ...