Nearly 750K exposed after hacker attack on drug tester
The Alcohol & Drug Testing Service (TADTS) has announced that a cyberattack exposed hundreds of thousands of people, revealing data ranging from their names to biometrics. The company provides employee drug and alcohol testing services.
Attackers breached the company in early July 2024, and the TADTS security team caught up with cyber crooks five days later. According to a breach notification that the company sent to impacted individuals, the attackers managed to access and download company data.
China's spy agency criticizes foreign attempts to 'steal' rare Earth resources
China's Ministry of State Security on Friday said foreign spy agencies had tried to "steal" rare earths and pledged to crack down on infiltration and espionage targeted at its critical mineral sector.
Foreign intelligence agencies and their agents had colluded with "domestic lawbreakers" to steal rare earth-related items from China, posing a serious threat to China's national security, the spy agency said in a statement on its WeChat account without naming any specific country.
Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges to Global Admin Role
A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation of first-party applications.
The vulnerability, reported to Microsoft Security Response Center (MSRC) in January 2025, affects organizations using hybrid Active Directory environments with federated domains.
Meta investors, Zuckerberg settle $8 billion privacy lawsuit tied to Cambridge Analytica scandal
Meta investors on Thursday announced they have settled a long-running lawsuit alleging that CEO Mark Zuckerberg and other current and former company executives mishandled the Cambridge Analytica data privacy scandal.
Shareholders had sought $8 billion in damages, but the settlement terms are unclear, Bloomberg Law reported.
Russian vodka producer reports disruptions after ransomware attack
More than 2,000 WineLab liquor stores across Russia have remained shut for three days following a ransomware attack on their parent company, one of Russia’s largest alcohol producers.
The attack crippled parts of the Novabev Group’s infrastructure, affecting WineLab’s point-of-sale systems and online services. The company confirmed that the attackers had demanded a ransom but said it refused to negotiate.
Armenian, Ukrainian nationals among Ryuk ransomware actors facing US hacking charges
The U.S. is taking legal action against several hackers allegedly behind the Ryuk ransomware.
Armenian national Karen Serobovich Vardanyan, 33, was extradited from Ukraine last month and now faces up to five years in prison for his role in Ryuk, prosecutors said on Wednesday.
Co-op CEO acknowledges personal data has been stolen from all 6.5M Co-op Group members
Shirine Khoury-Haq, CEO of the Co-op Group, has confirmed that all of its 6.5 million members had their data stolen in a recent cyberattack.
Khoury-Haq declares that full names, home addresses, email addresses, phone numbers, and dates of birth were stolen. The attackers didn’t succeed in exfiltrating financial data, purchase history, or other transaction data, she added.
Hacker steals $27 million in BigONE exchange crypto breach
Cryptocurrency exchange BigONE disclosed that hackers stole various digital assets valued at $27 million in an attack yesterday.
The platform announced that private keys and user data remain unaffected by the intrusion and any customers that incurred losses will be reimbursed from available reserves.
Major UK leak exposes identities of spies, not just Afghans who helped Britain
A secret court order was partly lifted today, revealing that a major data leak exposed the identities of British special forces and intelligence officers in addition to the thousands of Afghans who had worked with the UK, which was reported earlier.
The leak happened in February 2022, when someone at UK Special Forces headquarters accidentally sent a sensitive database outside the government. The database included the personal details of more than 100 British officials.
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company's advertising platforms.
The BadBox 2.0 malware botnet is a cybercrime operation that utilizes infected Android Open Source Project (AOSP) devices, including smart TVs, streaming boxes, and other connected devices that lack security protections, such as Google Play Protect.
Popular fitness app Fitify exposes 138K user progress photos
Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
“It is also worthwhile to note that ‘progress pictures’ and ‘body scans’ are often captured with minimal clothing to better showcase the progress of weight loss and muscle growth. Therefore, most of the leaked images might be of the types that users normally would like to keep private and not share with anyone on the internet,” the team said.
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.
Three of the patched flaws have a severity rating of 9.3, as they allow programs running in a guest virtual machine to execute commands on the host. These flaws are tracked as CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238.
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges.
Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched by the networking equipment major late last month.
Possible cross-chain crypto laundering exceeds $21.8B as criminals try to cover tracks
Crypto criminals are increasingly moving their illicit assets across different blockchains in an attempt to cover their tracks, a new report has found.
The estimated total value of such "cross-chain criminal and high-risk activity" has exceeded $21.8 billion, compared with $7 billion in 2023 and $4 billion in 2022, blockchain analysis firm Elliptic said in its State of Cross-chain Crime in 2025 report.
Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors
The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors.
"Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market," Proofpoint said in a report published Wednesday.
NCA officer jailed for stealing and laundering 50 BTC: how was it recovered?
A former UK National Crime Agency (NCA) officer has been jailed for five and a half years for stealing 50 bitcoins, which are now worth almost $6 million. The cryptocurrency was seized as criminal property during the Silk Road 2.0 investigation. The bitcoin was traced despite being laundered through a “mixer.”
Paul Chowles, 42, was part of the NCA investigation and later executed a shocking betrayal.
TikTok, AliExpress, and WeChat violate EU privacy laws, data protection group claims
The Austrian digital rights and data protection advocate has filed complaints against popular Chinese companies over a lack of data transparency.
The Austrian data protection group, noyb, filed complaints against Chinese companies TikTok, AliExpress, and WeChat for failing to comply with EU data regulations.
Amid border dispute, Thailand goes after Cambodian tycoon over alleged cyber scam ties
Thai police raided seven properties on Tuesday allegedly connected to a prominent Cambodian senator and tycoon accused of involvement in the online scamming industry.
The raids were the latest action taken against the politically connected businessman, Kok An, amid a deepening diplomatic row between Cambodia and Thailand.
Co-op confirms data of 6.5 million members stolen in cyberattack
UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores.
Co-op (short for the Co-operative Group) is one of the United Kingdom's largest consumer co-operatives, operating food stores, funeral services, insurance, and legal services. It is owned by millions of members who receive discounts on services and share in the company's governance.
Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure
Researchers detected active exploitation of CVE-2025-5777, dubbed CitrixBleed 2, nearly two weeks before a public proof-of-concept surfaced.
Initial reconnaissance and attack patterns were first observed on June 23, while the PoC was not released until July 4. This early exploitation underscores the need for proactive threat intelligence and rapid patch management.
Louis Vuitton says regional data breaches tied to same cyberattack
Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group.
"Despite all security measures in place, on July 2, 2025, we became aware of a personal data breach resulting from the exfiltration of certain personal data of some of our clients following an unauthorized access to our system," reads Louis Vuitton's data breach notifications sent to customers.
UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients
Episource, a company specialising in medical billing, is currently informing more than 5.4 million individuals across the United States that their personal and health information was stolen in a cyberattack earlier this year.
This incident, impacting a significant number of Americans, stands as a major healthcare data breach reported in 2025 so far, according to data from the US Department of Health and Human Services.
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
An international law enforcement operation dubbed "Operation Eastwood" has targeted the infrastructure and members of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe, Israel, and Ukraine.
Operation Eastwood was led by Europol and Eurojust with support from 12 countries. It took place on July 15, 2025, and targeted the systems and individuals behind the group's activities.
Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack
To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.
The outage occurred on July 14 and impacted most users of the service all over the world, rendering internet services unavailable in many cases.
Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild.
The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components.
Most cyber incidents stem from the same 10% of employees, study finds
Have you ever clicked on a phishing link at work? If so, you’re likely to make further cybersecurity mistakes, and your employer should make “right interventions.” New data reveals that just a small fraction of employees are responsible for the majority of risky cybersecurity behavior.
According to a report by Living Security, a human risk management platform, just 10% of employees will drive almost three-quarters (73%) of cyber risks.
Google spots tailored backdoor malware aimed at SonicWall appliances
Threat actors are stealing sensitive data from organizations by breaching end-of-life appliances made by cybersecurity company SonicWall.
Incident responders from Google Threat Intelligence Group (GTIG) and Mandiant said on Wednesday that they have uncovered an ongoing campaign by an unidentified threat group that leverages credentials and one-time password (OTP) seeds stolen during previous intrusions — allowing the hackers to regain access to organizations even after security updates are installed.
Ukraine-aligned hackers claim cyberattack on major Russian drone supplier
Ukrainian military intelligence and allied hacker groups said they carried out a large-scale cyberattack against a major Russian drone supplier, disrupting its operations.
Ukraine’s military intelligence agency (HUR) confirmed the attack and its involvement in a statement sent to local media. The agency claimed that the operation had paralyzed Gaskar’s accounting systems, production software and internet infrastructure.
Senate panel passes Intelligence Authorization Act that takes aim at telecom hacks
The Senate Intelligence Committee on Tuesday approved an annual intelligence authorization bill that aims to augment defenses against digital espionage campaigns like the recent China-linked attack that penetrated multiple U.S. telecommunications networks.
The measure aims to prevent compromise of U.S. telecommunications through strengthening network security by establishing “baseline cybersecurity requirements for vendors of telecommunications services” to the country’s 18 intelligence agencies, according to a summary of the bill released by the panel.
Police disrupt “Diskstation” ransomware gang attacking NAS devices
An international law enforcement action dismantled a Romanian ransomware gang known as 'Diskstation,' which encrypted the systems of several companies in the Lombardy region, paralyzing their businesses.
Diskstation is a ransomware operation that targets Synology Network-Attached Storage (NAS) devices, which are commonly used by companies for centralized file storage and sharing, data backup and recovery, and general content hosting.
North Korean XORIndex malware hidden in 67 malicious npm packages
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems.
The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation.
Former US soldier pleads guilty to hacking telecom companies
A former US Army soldier has pleaded guilty to hacking telecommunications companies' databases, stealing records, and demanding ransoms for the stolen data, the US Department of Justice said.
According to the DOJ, Cameron John Wagenius, 21, defrauded at least 10 organizations by obtaining login credentials for their private computer networks, stealing data, and then attempting to extort at least $1 million from them.
US National Guard severely hacked by Salt Typhoon in 2024
A US state's Army National Guard network was thoroughly hacked by a Chinese cyberespionage group nicknamed "Salt Typhoon," according to a Department of Homeland Security memo.
The memo obtained by Property of the People, a national security transparency nonprofit, said the hackers "extensively compromised" the unnamed state Army National Guard's network between March and December 2024 and exfiltrated maps and "data traffic" with counterparts' networks in "every other US state and at least four US territories."
This is what you should include in your password to make it uncrackable
The cybersecurity team at Specops analyzed 10 million real passwords pulled from a massive database of over a billion compromised credentials. The team then slapped those 10 million passwords onto a heatmap of length vs complexity.
15 characters or more, with at least two different character classes (letters, numbers, symbols), bumps up the number of possible combinations into trillions and beyond. These numbers make even high-end cracking farms start to sweat, pushing the expected crack time from hours into years or centuries.
NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure
Senior cybersecurity officials at the National Security Agency and FBI said the agencies have been successful in addressing some of the Chinese cyber campaigns targeting critical infrastructure in the U.S.
“The good news is, they really failed. They wanted to persist in domestic networks very quietly for a very long time so that if and when they needed to disrupt those networks, they could. They were not successful in that campaign,” Kristina Walter, director of the NSA’s Cybersecurity Collaboration Center said.
UK's NCA disputes claim it's nearly three times less efficient than the FBI
The UK's National Crime Agency (NCA) has hit back at a think tank after it assessed its US counterpart, the FBI, to be nearly three times more effective.
"Arrest figures alone are not an authoritative measure of impact, and while both are national law enforcement bodies, the remits of the NCA and FBI are substantially different," they added.
UK launches vulnerability research program for external experts
UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts.
The agency already conducts internal vulnerability research on a wide range of technologies and will continue to do so. However, the launch of VRI will create a parallel program designed to improve discovery and sharing of critical insights with the community more expeditiously.
NCSC: “Act now to prepare your organization for Windows 11 upgrade”
The United Kingdom’s National Cyber Security Centre (NCSC) is telling business owners and organizations they’d better get into action to meet the new hardware standards and prioritize security before Autumn 2025.
Microsoft’s operating system, Windows 10, has been around for more than a decade. After October 14th, 2025, the Redmond-based tech company will no longer offer free software and security updates, technical assistance, or bug fixes for Windows 10.
Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns
A vulnerability in products from the file transfer company Wing FTP Server is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) warned Monday.
In the CVE entry, CISA said the bug carries a 10 out of 10 severity score and “guarantees a total server compromise.” The agency confirmed industry reports of exploitation, adding it to the Known Exploited Vulnerabilities (KEV) catalog and ordering all federal civilian agencies to patch the bug by August 4.
Piracy sites for Nintendo Switch, PS4 games taken down by FBI
The FBI took down multiple websites used by gamers to illegally download popular titles for platforms like Nintendo Switch and PlayStation 4.
Last week, the FBI’s Atlanta field office announced the seizure of nsw2u.com, nswdl.com, game-2u.com, bigngame.com, ps4pkg.com, ps4pkg.net and mgnetu.com — placing FBI banners on all of the sites.
Federal IT contractor to pay $14.75 million fine over ‘cyber fraud’ allegations
A Maryland-based company supplying IT services to the U.S. government has agreed to a $14.75 million fine to settle alleged violations of its contracts with federal agencies.
Hill Associates is accused of billing for personnel who did not have the required amount of experience or education stipulated within the contract. The Department of Justice also alleged that Hill Associates had billed for cybersecurity services that were out of the scope of its contract.
eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks
Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks.
The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices have been enabled as of December 2020.
Wing FTP Server Vulnerability Actively Exploited – 2000+ Servers Exposed Online
Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed.
The flaw, tracked as CVE-2025-47812, has received the maximum CVSS score of 10.0 and enables unauthenticated remote code execution with root or SYSTEM privileges.
Louis Vuitton Data Breach Hits Customers in Several Countries
Customers of the French luxury retailer Louis Vuitton are being notified of a data breach that appears to impact people in several countries.
Data breach notifications have been published on Louis Vuitton websites or privately sent out for customers in the United Kingdom, South Korea, and Turkey. Other countries may be impacted as well. The cyberattack resulted in the theft of information such as name, contact information, and other data shared by customers.
Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot
Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.
The vulnerabilities could allow attackers with local or remote admin permissions to execute arbitrary code in System Management Mode (SMM), an environment isolated from the operating system (OS) and with more privileges on the machine.
UK replaces US as “No. 1 target” for Russian cyberattacks
Russia has shifted the focus of its cyberattacks to the UK, with Russian President Vladimir Putin reportedly seeking to avoid offending his US counterpart, Donald Trump.
Britain has become the new “No. 1 target” for Russian cyberattacks and espionage, as President Putin seeks to avoid provoking his US counterpart and as UK Prime Minister Keir Starmer’s international profile rises, according to The Times.
Saudi industrial services group breached, hackers claim
Rezayat Group, a multibillion-dollar industrial services provider based in Saudi Arabia, has been posted on a dark web leak site. Hackers claim they’ve obtained several gigabytes of data from the company.
Rezayat, which consists of 25 companies operating in engineering, manufacturing, logistics, and other sectors, was allegedly hit by the Everest ransomware cartel. The gang posted the company on its leak site, which it uses to showcase its latest victims.
CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center
India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom.
The fraudulent scheme is estimated to have led to losses worth more than £390,000 ($525,000) in the United Kingdom alone.
Albemarle latest Virginia county hit with ransomware
Phone and technology outages that plagued Albemarle County last month were caused by a ransomware attack, officials said in a statement on Friday.
The county warned residents that it “appears likely” the hackers accessed the data of local government and public school employees — including their driver’s license numbers, Social Security numbers, passport numbers, military IDs and more.
TikTok under new Irish investigation after admitting EU user data reached China
The Data Protection Commission (DPC) has announced that it will launch a new investigation into TikTok’s transfer of European users’ personal data to servers in China.
The inquiry follows the DPC’s decision of April 30th, 2025, which also considered TikTok’s transfers of European users’ personal data to China under a separate inquiry.
Louis Vuitton Hacked – Attackers Stolen Customers Personal Data
Luxury fashion giant Louis Vuitton has confirmed a significant data breach affecting UK customers, marking the third cybersecurity incident to hit parent company LVMH in recent months.
According to Dior’s statement, the unauthorized third-party attackers successfully infiltrated Louis Vuitton’s UK operational systems through what security experts classify as a SQL injection or credential stuffing attack.
Hackers Inject Malware Into Gravity Forms WordPress Plugin
Two trojanized versions of the Gravity Forms WordPress plugin were distributed through the official download page following a supply chain attack.
The malicious activity related to Gravity Forms was flagged on July 11, after Patchstack received a report that the plugin made an HTTP request to a suspicious domain that was created on July 8.
Google Gemini flaw hijacks email summaries for phishing
Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.
Such an attack leverages indirect prompt injections that are hidden inside an email and obeyed by Gemini when generating the message summary.
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
The federal cybersecurity watchdog ordered all civilian agencies to immediately patch a vulnerability impacting several NetScaler products used by organizations to manage network traffic.
The Cybersecurity and Infrastructure Security Agency (CISA) added the bug — tracked as CVE-2025-5777 — to its catalog of known exploited vulnerabilities on Thursday afternoon but took the extraordinary step of giving federal civilian agencies just one day to patch it.
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment
The person behind a $42 million theft from decentralized exchange GMX has returned the stolen cryptocurrency in exchange for a $5 million bounty.
The person behind the theft began transferring the funds in $5 million chunks, according to several blockchain security companies, eventually transferring about $40.5 million worth of cryptocurrency to GMX accounts. Despite the bounty agreement, the hacker behind the incident could still face legal liability if identified.
Spain awards Huawei contracts to manage intelligence agency wiretaps
The Spanish government is using Huawei to manage and store judicially authorized wiretaps in the country used by both law enforcement and intelligence services, despite concerns about how the Chinese government could compel Huawei to assist Beijing with its own intelligence activities.
The Ministry of the Interior officially awarded Huawei a €12.3 million ($14.3 million) contract following a standard public procurement process, as first reported by Spanish digital newspaper The Objective.
Major security flaws found in Adobe PDF reader and ASUS system controller
Cisco’s cybersecurity division, Talos, has uncovered a new batch of vulnerabilities lurking inside widely used software: Asus Armoury Crate and Adobe Acrobat Reader.
Four flaws were found in total, split evenly between the two platforms. The now-patched vulnerabilities could have helped attackers hijack systems, steal data, or escalate user privileges.
Former Mexican president investigated over allegedly taking bribes from spyware industry
Mexican Attorney General Alejandro Gertz Manero announced Tuesday that he has launched a probe into allegations that former Mexican President Enrique Peña Nieto took bribes from Israeli businessmen who allegedly paid him as much as $25 million to secure government contracts for spyware and other technology.
The investigation comes in response to an account in the Israeli business publication TheMarker.
Windows 11 now uses JScript9Legacy engine for improved security
Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later.
The decision is driven by security concerns, as JScript9Legacy is expected to offer better protection against web threats, such as cross-site scripting (XSS), and also improved performance.
Ex-ASML engineer who stole chip tech for Russia gets three years in Dutch prison
A former ASML and NXP semiconductor engineer will spend three years in a Dutch prison after stealing secret chip technology from his employers and sharing it with Russia.
While the Dutch court documents don't name the defendant, earlier media reports claim the perpetrator was a Russian national named German Aksenov, and report that he sold the corporate data to Russia's FSB intelligence service.
Security pros run a 36-hour war room to close a critical DeFi backdoor, likely installed by North Korean hackers
Security researchers said they've closed a critical backdoor on "thousands" of smart contracts before a threat actor managed to hit a large target.
Deebeez, a security researcher at Venn Network, a developer of a decentralized firewall, said the North Korea state-sponsored hacker group Lazarus is suspected of planting the backdoor, which was spotted by Venn on July 8th due to anomalous transactions.
Police raids lead to the arrest of 13 suspects in British taxpayer phishing scam
Romanian police raided the homes of more than a dozen suspects on Thursday in connection with a targeted phishing scam that siphoned £47 million from British taxpayers.
The thirteen suspects are accused of stealing the personal information of more than 100,000 Brits, and then illegally accessing at least 1,000 HMRC taxpayer accounts to claim tens of millions in fraudulent government payments, the Romanian Police’s Economic Crimes Investigation Directorate said.
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack
Researchers at penetration testing and threat intelligence firm PCA Cyber Security (formerly PCAutomotive) have discovered that critical vulnerabilities affecting a widely used Bluetooth stack could be exploited to remotely hack millions of cars.
The researchers conducted an analysis of the BlueSDK Bluetooth framework developed by OpenSynergy and found several vulnerabilities, including ones that enable remote code execution, bypassing security mechanisms, and information leaks.
Breach of legendary Chicago radio station exposes financial data, contracts, hackers claim
WFMT, a well-known Chicago-based radio station, was allegedly breached by a hacker group. The attackers claim they’ve taken a trove of sensitive personal and business information.
The classical music radio station was posted on Play ransomware's dark web blog, which the cyber cartel uses to showcase its latest victims. In an attempt to coax the victim to meet ransom demands, the gang claims to have released part of the supposedly stolen data.
Russian basketball player arrested in France over alleged ransomware ties
A Russian professional basketball player has been arrested in France at the request of the United States, which reportedly accused him of being involved in a ransomware group that allegedly targeted hundreds of American companies and federal institutions.
Daniil Kasatkin, 26, was detained in June at Paris’s Charles de Gaulle Airport shortly after arriving in the country with his fiancée, according to local media reports. He is currently being held in extradition custody, with a U.S. warrant reportedly issued against him. Kasatkin previously studied and played basketball in the U.S., at Penn State University.
Four arrested by UK police over ransomware attacks on M&S, Co-op and Harrods
Four individuals in Britain were arrested early on Thursday morning by the National Crime Agency on suspicion of involvement in a range of ransomware attacks targeting the British retail sector earlier this year.
All four are now in custody having been arrested at home, and the NCA said its officers have seized their electronic devices for forensic analysis.
Palo Alto Networks GlobalProtect Vulnerability Allows Root User Privilege Escalation
Palo Alto Networks has disclosed a critical security vulnerability in its GlobalProtect VPN application that enables locally authenticated users to escalate their privileges to root access on macOS and Linux systems, or NT AUTHORITY\SYSTEM on Windows machines.
The vulnerability, classified as an incorrect privilege assignment flaw, poses significant security risks.
Pakistan’s Transparent Tribe Hits Indian Defence with Linux Malware
A sophisticated cyber espionage operation, believed to be run by a group known as APT36 (also called Transparent Tribe), is now targeting Indian defence personnel and organizations.
This Pakistan-based group is targeting systems running BOSS Linux (Bharat Operating System Solutions), an Indian Linux distribution based on Debian commonly used by Indian government agencies.
German court rules Meta tracking technology violates European privacy laws
A German court has ruled that Meta must pay €5,000 ($5,900) to a German Facebook user who sued the platform for embedding tracking technology in third-party websites — a ruling that could open the door to large fines down the road over data privacy violations relating to pixels and similar tools.
The Regional Court of Leipzig in Germany ruled Friday that Meta tracking pixels and software development kits embedded in countless websites and apps collect users’ data without their consent and violate the continent’s General Data Protection Regulation (GDPR).
Qantas confirms data breach impacts 5.7 million customers
Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data.
Qantas warns that these counts are based on unique email addresses, and customers may have multiple accounts with different emails.
Qantas says they are now contacting customers whose data was stolen and have implemented additional safeguards to protect customers' data.
Nippon Steel Solutions suffered a data breach following a zero-day attack
Nippon Steel Solutions, a subsidiary of Japan’s Nippon Steel, disclosed a data breach in which attackers exploited a zero-day vulnerability. The company provides cloud and cybersecurity services.
“We have recently discovered that our company’s internal network was subject to unauthorized access (zero-day attack) due to a software vulnerability, and that some of the personal information of our customers, partners, and employees held by our company may have been leaked to the outside. We deeply apologize for the great inconvenience and concern this incident has caused to our business partners and other related parties,” reads the data breach notice published by the company.
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
A severe security vulnerability in McDonald’s AI-powered hiring system has exposed the personal information of potentially 64 million job applicants to unauthorized access.
Security researchers Ian Carroll and Sam Curry discovered that the McHire platform, built by artificial intelligence software firm Paradox.ai, suffered from elementary security flaws that allowed hackers to access applicant databases using credentials as simple as the username and password “123456.”
Microsoft Confirms Teams Outage for Users, Investigation Underway – Updated
Microsoft acknowledged a significant outage affecting its popular communication platform, Microsoft Teams, leaving numerous users unable to access critical services.
Microsoft first reported the disruption earlier today, stating that some users might be experiencing difficulties with Microsoft Teams. The outage has impacted individuals and organizations relying on the platform for remote work, virtual meetings, and real-time collaboration.
Microsoft confirms Windows Server Update Services (WSUS) sync is broken
Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates.
Since last night, Windows admins have reported that WSUS synchronization is broken, with event logs showing "A connection attempt failed" or .NET errors stating, "The operation has timed out," when syncs were attempted.
Fake CNN and BBC sites used to push investment scams
Cybercriminals are faking popular news websites such as CNN, BBC and CNBC to trick people into investing in fraudulent cryptocurrency schemes, according to a new report.
Researchers at Bahrain-based cybersecurity firm CTM360 said they identified more than 17,000 such sites, which publish fake stories featuring prominent public figures, including national leaders and central bank governors.
More than $40 million stolen from GMX crypto platform
Decentralized exchange GMX said more than $40 million worth of cryptocurrency was stolen during an incident on Wednesday morning.
Several blockchain security companies confirmed the theft, tracking about $43 million in user funds exiting the platform. Trading on the platform has been disabled.
Qantas begins telling some customers that mystery attackers have their home address
Qantas says that when cybercrooks attacked a "third party platform" used by the airline's contact center systems, they accessed the personal information and frequent flyer numbers of the "majority" of the circa 5.7 million people affected.
The Aussie airline said today this personal information includes names and/or email addresses, and warned frequent flyer numbers, customer tiers, status credits, and points balances might also be compromised.
Ingram Micro starts restoring systems after ransomware attack
Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday.
"Subscription orders, including renewals and modifications, are available globally and are being processed centrally via Ingram Micro's support organization," Ingram Micro announced on Monday.
Iranian hacktivists target Iran's only independent news outlet, threaten London journalists
Iran International, one of the nation's only sources of independent news, was allegedly hit by a massive breach on Tuesday, carried out by the pro-Tehranian hacktivist group known as Handala. Now, the group has begun to threaten the outlet's top journalists.
The hacker group took to its dark leak blog and Telegram channel Tuesday morning, claiming a large-scale cyberattack on the news outlet, boasting that it has compromised the identities of both its readers and the staff who work there.
Massive browser hijack: extensions turn Trojan and infect 2.3M Chrome and Edge users
Eighteen extensions had a “squeaky clean” codebase, sometimes for years, until a version bump turned them into dangerous trojans without any user input. Security researchers warn that over 2.3 million users have just been compromised, but there are many more extensions lurking.
The sophisticated campaign, dubbed RedDirection, has infected over 2.3 million users across Chrome and Edge, making it one of the largest browser hijacking operations
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
CVE-2014-3931, CVE-2016-10033, CVE-2019-5418, and CVE-2019-9621 are the four vulnerabilities that require immediate patching to prevent cyberattacks.
M&S confirms social engineering led to massive ransomware attack
M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack.
M&S chairman Archie Norman revealed this in a hearing with the UK Parliament's Business and Trade Sub-Committee on Economic Security regarding the recent attacks on the retail sector in the country.
Treasury sanctions key player behind North Korean IT worker scheme
A senior official within North Korea’s Reconnaissance General Bureau (RGB) was sanctioned by the United States on Tuesday for his role in facilitating the IT worker scheme in China and Russia.
Song Kum Hyok, a cyber actor associated with North Korea’s Andariel hacking group, helped provide North Korean IT workers with stolen U.S. identities that were used to obtain employment
Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws
Microsoft has released its July security updates, which address 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server.
This Patch Tuesday also fixes fourteen "Critical" vulnerabilities, ten of which are remote code execution vulnerabilities, one is an information disclosure, and two are AMD side channel attack flaws.
Android malware Anatsa infiltrates Google Play to target US banks
The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads.
According to Threat Fabric researchers who spotted the latest campaign and reported it to Google, Anatsa shows users a fake message when they open the targeted apps, informing of a scheduled banking system maintenance.
Iranian ransomware group offers bigger payouts for attacks on Israel, US
An Iranian ransomware gang has ramped up operations amid heightened tensions in the Middle East, offering larger profit shares to affiliates who carry out cyberattacks against Israel and the U.S., researchers said.
The group, known as Pay2Key.I2P, is believed to be a successor to the original Pay2Key operation, which has been linked to Iran’s state-backed Fox Kitten hacking group.
Beware of Bert: New ransomware group targets healthcare, tech firms
A new ransomware group has been breaching organizations across Asia, Europe, and the U.S., with victims reported in the healthcare, technology and event services sectors, researchers have found.
The group, calling itself Bert, was first identified in April by researchers at cybersecurity firm Trend Micro, who detailed their findings in a report published Monday.
iPhone wingman app leaks 160K chat screenshots
The Cybernews research team recently discovered an unprotected Google Cloud Storage Bucket owned by Buddy Network GmbH, an iOS app developer.
The exposed data was attributed to one of the company’s projects, FlirtAI - Get Rizz & Dates, an app that intends to analyze screenshots that users provide, promising to suggest appropriate replies.
Gemini can read your WhatsApp texts. Here’s what to do about it
Starting July 7th, Android users may wake up to find that Google's Gemini AI can access their favorite apps, like WhatsApp, Messages, and Phone, even if they’ve previously opted out.
Unless users take explicit action, the AI assistant is getting cozy with third-party apps by default, thanks to a quiet policy update that Google framed as a "helpful" new feature.
Alexa, were you spying on us? Amazon faces class action lawsuit
Tens of millions of Alexa users have just got the green light to sue Amazon for allegedly recording their private conversations.
A federal judge in Seattle has ruled that tens of millions of Amazon Alexa users can unite in a massive class-action lawsuit accusing the tech behemoth of covertly recording their private conversations. Not disclosing that information properly violates Washington’s consumer protection law.
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which is responsible for cyberattacks against American organizations and government agencies.
According to Italian media ANSA, the 33-year-old man, Xu Zewei, was arrested at Milan's Malpensa Airport on July 3rd after arriving on a flight from China. Italian police arrested the suspect on an international warrant from the U.S. government.
Qantas is being extorted in recent data-theft cyberattack
Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
"A potential cyber criminal has made contact, and we are currently working to validate this," Qantas shared in an updated statement.
Employee gets $920 for credentials used in $140 million bank heist
Hackers stole nearly $140 million from six banks in Brazil by using an employee's credentials from C&M, a company that offers financial connectivity solutions.
The incident reportedly occurred on June 30, after the attackers bribed the employee to give them his account credentials and perform specific actions that would help their operations.
IT company Ingram Micro says ransomware targeted internal systems
One of the U.S.'s biggest providers of IT products and services said it was hit with ransomware ahead of the July 4 holiday weekend.
Ingram Micro published a statement on Saturday saying it discovered “ransomware on certain of its internal systems,” which it immediately took offline.
Nearly 300,000 people were impacted by cyberattack on Nova Scotia Power
Canadian utility Nova Scotia Power is notifying about 280,000 people of a data breach that occurred following a cyberattack earlier this year.
In letters to victims, the company said an investigation revealed that hackers had access to critical systems from March 19 to April 25, allowing them to steal names, addresses, driver's license numbers, Canadian Social Insurance numbers, bank account details and troves of information from the Nova Scotia Power program
Russia’s St. Petersburg hit by major internet outage amid drone strike warnings
Residents of St. Petersburg, Russia, experienced a widespread mobile internet outage over the weekend.
The disruptions affected both consumers and businesses, with some cafes, shops and gas stations switching to cash transactions because they couldn’t process card or QR-code payments, according to media reports.
Trump confirms US-China talks on TikTok deal to start early next week
US President Donald Trump has announced plans to initiate discussions with China on Monday or Tuesday regarding a potential deal on the sale of TikTok.
“I think we’re gonna start Monday or Tuesday ... talking to China – perhaps President Xi or one of his representatives – but we would, we pretty much have a deal,” Trump told reporters on Air Force One.
Ingram Micro outage caused by SafePay ransomware attack
An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.
Since Thursday, Ingram Micro's website and online ordering systems have been down, with the company not disclosing the cause of the issues.
China-linked hackers spoof big-name brand websites to steal shoppers' payment info
Researchers have uncovered a sprawling network of fraudulent retail websites impersonating major global brands in an effort to steal payment data from online shoppers.
The campaign, which has been active for months, uses thousands of phishing websites that mimic the design and product listings of well-known retailers — including Apple, PayPal, Nordstrom, Hermes, and Michael Kors
SK Telecom stock downgraded to Sell by Goldman Sachs on data breach fallout
Goldman Sachs downgraded SK Telecom (NYSE:SKM) from Neutral to Sell and lowered its price target to KRW42,000.00 from KRW54,000.00 following the company’s recent data breach incident.
The Ministry of Science and ICT (MSIT) concluded its investigation on July 4, finding SK Telecom liable for the data breach that first surfaced in April.
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China.
The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency.
Who gets promoted and fired? More than half of US managers use AI to decide
Almost all HR managers in the US use AI at work, and a majority of those rely on it to decide who gets promoted, gets a raise, or gets fired, a new survey has found.
The survey, which polled 1,342 managers, found that a startling 66% of managers consulted a large language model (LLM) such as ChatGPT for guidance on layoffs. A majority also use AI to determine raises (78%) and promotions (77%).
Hacker leaks Telefónica data allegedly stolen in a new breach
A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge.
The threat actor has leaked a 2.6GB archive that unpacks into five gigabytes of data with a little over 20,000 files to prove that the breach occurred.
Police dismantles investment fraud ring stealing €10 million
The Spanish police have dismantled a large-scale investment fraud operation that caused cumulative damages exceeding $11.8 million (€10 million).
21 individuals were arrested, and the police agents also confiscated seven luxury vehicles and more than $1.5 million (€1.3 million) in cash and cryptocurrency.
Recruiting software maker exposes nearly 26M resumes
TalentHook, a cloud-based applicant tracking system, left a misconfigured instance open. It spilled tens of millions of job seekers’ CVs, full of personal details ranging from full names to home addresses.
The Cybernews research team has uncovered a misconfigured Azure Blob storage container with nearly 26 million files, most of which are US job seekers’ resumes.
BMW Financial Services entangled in cyber incident
BMW Financial Services was indirectly involved in a data breach affecting the third-party company AIS.
AIS, a Texas-based fintech firm, provided its monitoring and processing services and legal monitoring services to BMW Financial Services and its account holders during the breach.
Ford CEO: “AI is going to replace literally half of all white collar workers in the US”
Ford CEO Jim Farley has joined a growing number of executives warning that artificial intelligence (AI) may threaten millions of jobs.
“AI is going to replace literally half of all white collar workers,” Mr Farley said, speaking at the Aspen Ideas Festival on June 27th.
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
Microsoft said it suspended 3,000 Outlook and Hotmail email accounts it believed were created by North Korean IT workers as part of a larger effort to help companies address the costly scheme.
The tech giant said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates.
Virginia county says April ransomware attack exposed employee SSNs
Government employees working for the county of Gloucester in Virginia had Social Security numbers and other sensitive data stolen during a ransomware attack in April.
The county sent 3,527 current and former employees notices this week warning that their personal information was accessed by hackers who breached county systems on April 22.
Ransomware gang attacks German charity that feeds starving children
Deutsche Welthungerhilfe (WHH), the German charity that aims to develop sustainable food supplies in some of the world’s most impoverished countries, has been attacked by a ransomware gang.
The cybercriminals are attempting to sell data stolen from the charity for 20 bitcoin, equivalent to around $2.1 million.
Australia’s Qantas Confirms Cyberattack: 6 Million Service Records Compromised
Australia’s national carrier, Qantas Airways Limited, has revealed a cybersecurity incident. The Qantas cyberattack was traced to unauthorized access through a third-party customer service platform used by one of the airline’s contact centers.
“Qantas can confirm that a cyber incident has occurred in one of its contact centres, impacting customer data. The system is now contained.” The breach, described as criminal in nature, involved the targeting of a third-party system that stored service records for approximately six million customers.
Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission
Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company.
"Google's unauthorized use of their cellular data violates California law and requires Google to compensate Plaintiffs for the value of the cellular data that Google uses for its own benefit without their permission."
Louis Vuitton Korea says systems breach led to customer data leak
A systems breach at Louis Vuitton (LVMH.PA) Korea in June led to the leak of some customer data including contact information, but did not involve customers' financial information, the luxury brand's South Korea unit said on Friday.
"We regret to inform that an unauthorized third party temporarily accessed our system resulting in the leak of some customer information," the unit said in a statement.
India - Max Financial arm Axis Max Life gets anonymous tip claiming data breach
Max Financial Services Limited disclosed that its material subsidiary, Axis Max Life Insurance Limited, has received a communication from an anonymous source claiming unauthorised access to certain customer data.
The company has launched a detailed investigation in consultation with information security experts to determine the root cause of the incident and to implement necessary remedial measures.