#Cyberattack

2025-08-18

#WarLock ransomware claims a major breach at UK-based telecom provider #Colt, offering 1M+ documents for sale at $200K, while #Hitachi briefly appeared then vanished from the leak site.

Read: hackread.com/warlock-ransomwar

#CyberSecurity #Ransomware #DataBreach #CyberAttack

2025-08-18

Last year's cyberattack at UnitedHealth Group's tech unit, Change Healthcare, impacted 192.7 million people, the US health department's website showed on Thursday.

#US #cyberattack #hack #cybersecurity

cnews.link/192-million-impacte

Mathrubhumi English (Mathrubhumi_English)
2025-08-18

Thiruvananthapuram’s Sree Padmanabhaswamy Temple faces a cyberattack; officials report data leaks and system intrusion. Cyber police register case. english.mathrubhumi.com/news/k

2025-08-16

It's been a bit quiet over the last 24 hours, but we've got a critical update on the state of election security in the US. Let's dive in:

Election Security Fears Amidst CISA Cuts 🚨

- Election officials across the US are expressing grave concerns over the significant reduction in federal support from the Cybersecurity and Infrastructure Security Agency (CISA), fearing a resurgence of physical threats and cyberattacks in the 2026 election cycle.
- The article highlights a worrying trend of increased intimidation, doxxing, and even death threats against election workers, alongside the daunting prospect of local offices being left to defend against sophisticated nation-state cyber threats without CISA's expertise and threat intelligence sharing.
- Compounding these issues is the growing concern over misinformation, now amplified by AI, making it harder for officials to combat false narratives and maintain public trust, underscoring the critical need for robust federal partnerships that are now diminishing.

🕵🏼 The Register | go.theregister.com/feed/www.th

#CyberSecurity #ElectionSecurity #CISA #ThreatIntelligence #InfoSec #Government #CyberAttack #Misinformation #AI #NationalSecurity

2025-08-16

The 15th August was a busy day in the cyber world with significant updates on major breaches, evolving nation-state tactics, new vulnerabilities, and shifts in the regulatory landscape:

SAP Zero-Day Exploitation Widens ⚠️
- A zero-day vulnerability (CVE-2025-31324) in SAP NetWeaver, initially exploited by Chinese state-linked actors (Salt Typhoon, Volt Typhoon comparisons), is now being leveraged by ransomware gangs.
- The flaw, affecting the middleware layer, grants full remote access, allowing data modification, deletion, exfiltration, and even code execution, similar to the SolarWinds Orion attacks.
- Over 580 victims, primarily in the US, UK, and Saudi Arabia, including critical infrastructure, have been identified, with exploitation traced back to January 2025, indicating a significant dwell time.
🤫 CyberScoop | cyberscoop.com/sap-cyberattack

Scattered Spider Targets US Retailers with DragonForce Ransomware 🚨
- The notorious Scattered Spider (UNC3944) gang, after a hiatus, has expanded its attacks from UK retailers (M&S, Co-op, Harrods) to major US retail organisations.
- The group is now deploying DragonForce ransomware, a new development as they previously relied on ALPHV/BlackCat and RansomHub.
- Organisations are experiencing disruption not just from direct ransomware deployment but also from self-inflicted outages as they take defensive measures like freezing authentication servers.
🕵🏼 The Register | go.theregister.com/feed/www.th
🕵🏼 The Register | go.theregister.com/feed/www.th

Coinbase Extortion and Insider Threat 💸
- Coinbase is facing a $20 million extortion demand after cybercriminals bribed overseas support staff to steal customer data and internal documentation.
- While no private keys or funds were directly accessed, the stolen data (including names, addresses, masked SSNs, bank account numbers, and government IDs for up to 1% of customers) has been used in social engineering attacks to defraud users.
- Coinbase refused to pay the ransom, instead offering a $20 million bounty for information leading to the attackers' arrest and conviction, and plans to reimburse scammed customers, with total costs estimated between $180M-$400M.
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Nova Scotia Power Data Breach ⚡
- Nova Scotia Power, a major Canadian utility, confirmed a data breach where sensitive customer information was stolen, including full names, phone numbers, email/mailing addresses, program participation, DOB, account history, driver's license numbers, SINs, and some bank account numbers.
- The breach was discovered on April 28, 2025, but forensic analysis revealed initial unauthorised access occurred on March 19, 2025, leading to a nearly two-month delay in customer notification.
- While no misuse of data has been detected, the company is offering two years of free credit monitoring to affected individuals and advises vigilance against phishing.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

North Korea's Cyber Syndicate 🇰🇵
- A new DTEX Systems report characterises North Korea's cyber operations as a "mafia syndicate," driven by survivalist, profit-driven motivations, blurring lines between state-sponsored espionage and cybercrime.
- The regime employs a rigid hierarchy, including "Research Center 227" (an AI-driven cyber warfare unit), and uses false identities for operatives who infiltrate global companies, with hundreds successfully gaining remote work at Fortune 500 firms.
- This unique model involves money flowing upwards to the government, with internal competition and familial/school networks ensuring operational continuity and talent development, including AI-powered tools for phishing and exploitation.
🤫 CyberScoop | cyberscoop.com/north-korea-cyb

Fancy Bear's Webmail Espionage Campaign 🐻
- Russia's APT28 (Fancy Bear/Sednit) has been conducting an ongoing cyberespionage campaign, "Operation RoundPress," since 2023, targeting high-ranking Ukrainian officials and defence contractors globally.
- The campaign leverages spear-phishing emails with malicious JavaScript payloads that exploit zero-day (CVE-2024-11182 in MDaemon) and n-day XSS vulnerabilities in webmail clients like Roundcube, Horde, MDaemon, and Zimbra.
- Victims simply opening the email can trigger credential theft, 2FA bypass, and exfiltration of email content, contacts, and login history, with targets including governments and military entities in Ukraine, Greece, Cameroon, Serbia, Ecuador, Bulgaria, and Romania.
🤫 CyberScoop | cyberscoop.com/russia-fancy-be
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

AI-Generated Deepfake Phishing Attacks 🗣️
- The FBI warns that cybercriminals are using AI-generated audio deepfakes and smishing (SMS phishing) to impersonate senior US officials, targeting current and former government personnel and their contacts.
- These attacks aim to establish rapport before tricking victims into clicking malicious links to gain access to personal accounts, which are then used for further social engineering to steal sensitive information or transfer funds.
- This highlights the increasing sophistication of social engineering, where AI enables highly convincing and scalable attacks, making vigilance and multi-factor authentication critical.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤫 CyberScoop | cyberscoop.com/fbi-warns-of-ai

Malicious NPM Package Uses Unicode Steganography 📦
- A malicious NPM package, 'os-info-checker-es6', has been found using invisible Unicode characters for steganography to hide malicious code and Google Calendar links for C2 communication.
- The package, downloaded over 1,000 times, appears benign but contains obfuscated install scripts and a sophisticated C2 mechanism that fetches a final payload via redirects from a Google Calendar short link.
- This technique allows the attacker to evade detection by security tools, and the package is also a dependency for four other NPM packages, posing as accessibility and developer tools.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Pwn2Own Berlin Day 1 Highlights Zero-Days 🏆
- On the first day of Pwn2Own Berlin 2025, researchers earned $260,000 by demonstrating zero-day exploits against Windows 11, Red Hat Linux, and Oracle VirtualBox.
- Exploits included local privilege escalations on Red Hat Linux (integer overflow, use-after-free) and Windows 11 (use-after-free, integer overflow, out-of-bounds write, type confusion) to gain SYSTEM privileges.
- Successful virtual machine escapes were also demonstrated against Oracle VirtualBox (integer overflow) and Docker Desktop (use-after-free), allowing code execution on the underlying OS.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Google Chrome High-Severity Flaw Fixed 🌐
- Google has released emergency security updates for a high-severity vulnerability (CVE-2025-4664) in Chrome's Loader component, which has a public exploit and could lead to full account takeover.
- The flaw involves insufficient policy enforcement, allowing remote attackers to leak cross-origin data via maliciously crafted HTML pages, specifically by exploiting the Link header's ability to set a referrer-policy to 'unsafe-url' and capture sensitive query parameters (e.g., in OAuth flows).
- Users are urged to update to Chrome versions 136.0.7103.113 (Windows/Linux) or 136.0.7103.114 (macOS) immediately.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Cybercriminals Reinvesting in Legitimate Businesses 💰
- Sophos X-Ops research reveals cybercriminals are increasingly laundering illicit gains by investing in seemingly ordinary businesses like pizza shops, construction, and even cybersecurity companies.
- Discussions on dark web forums show brazen collaboration, with criminals sharing guides on diversifying crypto into fiat, establishing shell companies, and even proposing selling spyware to pentesters or offering "protective services" after finding vulnerabilities.
- This trend raises concerns about insider threats and the potential for criminal motivations to infiltrate legitimate security sectors, highlighting the need to track money flow beyond initial compromise.
🤫 CyberScoop | cyberscoop.com/what-cybercrimi

Tor Releases Oniux for Linux App Anonymisation 🧅
- The Tor Project has introduced Oniux, a new command-line utility for Linux that routes any application's network traffic securely through the Tor network for enhanced anonymisation.
- Unlike older methods like torsocks, Oniux uses Linux namespaces to create a fully isolated network environment at the kernel level, preventing data leaks even from malicious or misconfigured applications.
- While still experimental, Oniux offers true isolation by forcing all app traffic through Tor via a virtual interface and custom DNS, making it a promising tool for privacy-conscious users and researchers.
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #Deepfake #SocialEngineering #SupplyChainSecurity #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #CloudSecurity #AI #Regulation #Government
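
One defensive check prompted by the 'os-info-checker-es6' item above, added here as an example rather than code from any of the posts or from the package's analysts: a Python scanner that reports runs of invisible Unicode code points (format, private-use and unassigned characters, plus a few letters that render blank) in source text, which is the kind of content a steganographic payload depends on. The sample JavaScript inputs are constructed for this example, and the EXTRA_BLANK list and the thresholds in is_suspicious are this example's own choices, not anything the post specifies.

```python
"""Scan JavaScript/npm package sources for invisible Unicode characters.

Added example, not code from the original posts. It reports runs of
characters that display as nothing (or as a blank glyph), the trick the
post describes for hiding code and C2 links inside a package.
"""
import unicodedata
from dataclasses import dataclass, field

# Code points that render blank in most editors but are not category Cf/Co
# (Hangul fillers and the halfwidth filler). Constructed list for this example.
EXTRA_BLANK = {0x3164, 0x115F, 0x1160, 0xFFA0}


def is_invisible(ch: str) -> bool:
    """True for characters that display as nothing (or a blank glyph)."""
    if ord(ch) in EXTRA_BLANK:
        return True
    # Cf = format (zero-width joiners, word joiner, BOM, ...),
    # Co = private use, Cn = unassigned. None belong in ordinary source code.
    return unicodedata.category(ch) in ("Cf", "Co", "Cn")


@dataclass
class Finding:
    line: int                                   # 1-based line number
    col: int                                    # 0-based column where the run starts
    codepoints: list = field(default_factory=list)

    @property
    def length(self) -> int:
        return len(self.codepoints)


def scan_source(text: str) -> list:
    """Return one Finding per run of consecutive invisible characters in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        current = None
        for col, ch in enumerate(line):
            if is_invisible(ch):
                if current is None:
                    current = Finding(lineno, col)
                    findings.append(current)
                current.codepoints.append(ord(ch))
            else:
                current = None
    # A lone UTF-8 BOM at the very start of a file is common and benign; drop it.
    if (findings and findings[0].line == 1 and findings[0].col == 0
            and findings[0].codepoints == [0xFEFF]):
        findings.pop(0)
    return findings


def is_suspicious(text: str, min_run: int = 2) -> bool:
    """Flag a file if any invisible run is at least `min_run` long or uses
    private-use code points (thresholds chosen for this example)."""
    for f in scan_source(text):
        if f.length >= min_run:
            return True
        if any(unicodedata.category(chr(cp)) == "Co" for cp in f.codepoints):
            return True
    return False


# Constructed sample inputs (not taken from the real package).
CLEAN_JS = "const os = require('os');\nmodule.exports = () => os.platform();\n"
HIDDEN_JS = (
    "const os = require('os');\n"
    "const key = '|\u200b\u200c\u200d\u2060|';  // zero-width characters hide data here\n"
    "module.exports = () => os.platform();\n"
)

if __name__ == "__main__":
    for name, src in (("clean", CLEAN_JS), ("hidden", HIDDEN_JS)):
        for f in scan_source(src):
            print(f"{name}: line {f.line} col {f.col} run of {f.length}: "
                  + " ".join(f"U+{cp:04X}" for cp in f.codepoints))
        print(f"{name}: suspicious={is_suspicious(src)}")
```

Running the scanner over every file in an unpacked tarball before it is allowed into a build is the practical use; a human reviewer or a diff tool shows nothing at the flagged columns, which is exactly why the category-based check rather than visual review is needed.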

2025-08-16

Hey everyone! We're playing catch-up after our integrations burned out over the week, so here's the wrap-up for the 13th August:

It's been a pretty packed 24 hours in the cyber world, with a flurry of critical vulnerability patches, ongoing nation-state espionage, and some significant data breach confirmations. Let's dive into the details:

M&S Data Breach Confirmed ⚠️

- Marks & Spencer has confirmed customer data theft following a cyberattack last month, widely believed to be a ransomware incident involving DragonForce affiliates and Scattered Spider tactics.
- Compromised data includes names, addresses, phone numbers, dates of birth, online order history, and household information, but no usable payment details or account passwords.
- Customers will be prompted to reset passwords, and M&S advises vigilance against phishing, while the NCSC investigates potential links to other UK retail attacks (Co-op, Harrods).

🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/marks-spencer-
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Alabama State Government Cyber Event 🚨

- Alabama's state government is responding to a "cybersecurity event" detected on May 9th, causing potential disruptions to government services and website access.
- Some state employee usernames and passwords were compromised, but authorities currently believe no Alabamian's personally identifiable information was retrieved.
- The state Office of Information Technology (OIT) is working with a third-party cybersecurity firm, and employees are reminded to be cautious of malicious emails.

🗞️ The Record | therecord.media/alabama-says-c

Twilio Denies Steam 2FA Breach 🔒

- Twilio has denied a breach of its systems after a threat actor claimed to possess over 89 million Steam user records, including one-time access codes.
- Leaked samples contained historic SMS text messages with Steam one-time passcodes and recipient phone numbers, leading to speculation of a supply-chain compromise involving an SMS provider.
- While Twilio states no evidence of a breach on their end, Steam users are advised to enable Steam Guard Mobile Authenticator and monitor account activity.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

North Korean Espionage Campaigns 🇰🇵

- North Korean state-backed groups TA406 (Konni/Opal Sleet) and APT37 (ScarCruft) have launched new cyber-espionage campaigns targeting Ukrainian and South Korean government entities, respectively.
- TA406 is using spear-phishing with fake think tank impersonations and cloud-hosted password-protected archives to gather intelligence on Russia's war efforts in Ukraine, likely to assess risks to DPRK forces.
- APT37 is targeting South Korean national security interests, impersonating experts and think tanks via phishing emails with Dropbox links to deploy RoKRAT malware for system info collection and screenshots.

🗞️ The Record | therecord.media/north-korea-ha
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/apt37-scarcruf

BlackDB.cc Cybercrime Marketplace Leader Extradited ⚖️

- Liridon Masurica, a Kosovo national, has been extradited to the US to face charges for allegedly operating BlackDB.cc, an illegal online marketplace active since 2018.
- The marketplace reportedly sold compromised account credentials, credit card details, and personal information, primarily of US citizens, facilitating tax fraud, credit card fraud, and identity theft.
- Masurica faces up to 55 years in federal prison if convicted on charges including conspiracy to commit access device fraud and fraudulent use of unauthorized access devices.

🗞️ The Record | therecord.media/us-extradites-
🤫 CyberScoop | cyberscoop.com/blackdb-adminis

Microsoft May 2025 Patch Tuesday 🛡️

- Microsoft's May 2025 Patch Tuesday addresses 72 flaws, including five actively exploited zero-days and two publicly disclosed zero-days.
- The actively exploited flaws include four Elevation of Privilege vulnerabilities (CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, CVE-2025-32709) and one Scripting Engine Memory Corruption RCE (CVE-2025-30397).
- Key fixes also include a Microsoft Defender for Identity Spoofing vulnerability (CVE-2025-26685) and a Visual Studio RCE (CVE-2025-32702), both publicly disclosed.

🤖 Bleeping Computer | bleepingcomputer.com/news/micr

Ivanti Zero-Days and Critical Flaws ⚠️

- Ivanti has patched two zero-day vulnerabilities (CVE-2025-4427, CVE-2025-4428) in its Endpoint Manager Mobile (EPMM) software, which were chained for unauthenticated remote code execution in limited attacks.
- Additionally, a critical authentication bypass (CVE-2025-22462) in Neurons for ITSM and a default credentials flaw (CVE-2025-22460) in Cloud Services Appliance (CSA) were addressed.
- Organisations using on-premise EPMM should update immediately, and those with Neurons for ITSM or CSA should apply patches and review Ivanti's hardening guidance.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Fortinet FortiVoice Zero-Day Exploited 🚨

- Fortinet has released security updates for a critical stack-based overflow vulnerability (CVE-2025-32756) in FortiVoice enterprise phone systems, actively exploited as a zero-day.
- The flaw, also affecting FortiMail, FortiNDR, FortiRecorder, and FortiCamera, allows remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests.
- Indicators of compromise include 'fcgi debugging' being toggled on and cron jobs for credential harvesting; Fortinet advises disabling HTTP/HTTPS administrative interfaces if immediate patching isn't possible.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

ASUS DriverHub RCE Flaw 💻

- A critical remote code execution (RCE) flaw (CVE-2025-3462, CVE-2025-3463) was found in ASUS DriverHub, an official driver management utility pre-installed on some ASUS motherboards.
- The vulnerability allows malicious websites to execute commands with admin rights by bypassing origin header checks and tricking the software into downloading and running malicious executables via a legitimate ASUS installer.
- ASUS has released a fix, and users are strongly recommended to update DriverHub; the flaw is limited to motherboards but impacts laptops and desktops with the software installed.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Türkiye-Linked Spies Exploit Messaging App Zero-Day 🕵🏼

- Microsoft's Marbled Dust (aka Sea Turtle, UNC1326), a Türkiye-affiliated espionage group, exploited a zero-day (CVE-2025-27920) in Output Messenger v2.0.62 to snoop on the Kurdish military in Iraq.
- The directory traversal vulnerability allowed the group to steal user data and drop malicious VBS and Go-based backdoor executables (OMServerService.exe) on compromised servers and clients.
- Attacks began in April 2024, with the group likely gaining initial authentication via DNS hijacking or typosquatting; users are urged to update to Output Messenger V2.0.63.

🕵🏼 The Register | go.theregister.com/feed/www.th

Apple's Extensive Security Update 🍎

- Apple has released substantial security updates for iOS, iPadOS, and macOS, addressing over 30 vulnerabilities, including a baseband flaw (CVE-2025-31214) in the new C1 modem.
- Numerous privacy-focused vulnerabilities were patched in macOS Sequoia components like Apple Intelligence, Core Bluetooth, and Finder, which could expose sensitive personal data.
- While no active exploitation was indicated, the updates cover recurring issues like out-of-bounds reads, memory corruption, and logic errors across shared codebases like WebKit.

🤫 CyberScoop | cyberscoop.com/apple-security-

EU Launches Vulnerability Database (EUVD) 🇪🇺

- The European Vulnerability Database (EUVD) is now fully operational, aiming to improve vulnerability management and transparency, especially as the US CVE program faces funding uncertainties.
- The EUVD, mandated by the NIS2 Directive, provides near real-time updates on critical and actively exploited flaws, sourced from open-source databases, national CSIRTs, and vendor advisories.
- Unlike the US NVD, which has a backlog, EUVD highlights critical and exploited vulnerabilities at the top and is updated quickly, though ENISA is still in contact with MITRE regarding CVE funding.

🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/eu-launches-vu

UK NCSC on CISA Relationship Post-Trump 🇬🇧🇺🇸

- UK's National Cyber Security Centre (NCSC) leadership asserts that their relationship with the US CISA remains "enduring" and "unwavering" despite concerns over the current US administration's treatment of CISA.
- NCSC officials, including CTO Ollie Whitehouse, confirmed continued "embeds" within CISA and positive engagements, downplaying public criticisms and budget cuts faced by the US agency.
- This stance contrasts with broader industry concerns about US government cybersecurity funding and the future of critical programs like CVE, which was only recently renewed for less than a year.

🕵🏼 The Register | go.theregister.com/feed/www.th

Android 16 Boosts Advanced Protection 📱

- Android 16 introduces significant enhancements to its 'Advanced Protection' feature, expanding device-level security against sophisticated spyware and zero-day attacks.
- New features include verified boot, strong sandboxing, USB port lockdown, automatic reboots, enhanced Play Protect, intrusion logging, and blocking auto-reconnects to insecure networks.
- Further privacy and security improvements include "in-call scam protections," Key Verifier for Messages (to combat text-based fraud), and AI-powered Scam Detection for Phone and Messages apps.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #PatchTuesday #DataBreach #InfoSec #CyberAttack #Malware #IncidentResponse #Privacy

Houston Public Media (houstonpublicmedia)
2025-08-15
A new cyberattack has occurred in Norway. The same pro-Russian group that remotely opened a dam this spring claims to be behind it, Aftenposten reports. #cyberattack #it-säkerhet #cybersäkerhet #norge

Norwegian Security Police: Russian IT attack on Norway
2025-08-15

Norway spy chief blames Russian hackers for hijacking dam

Russian hackers briefly hijacked a dam in Norway in early April and spilled millions of gallons of water…
#NewsBeep #News #Headlines #cyberattack #cybersecurity #Energy #InBrief #Russia #World
newsbeep.com/61321/

2025-08-14

A weak password turned Norway’s Bremanger dam into a high-stakes experiment—hackers opened floodgates to release 500 liters of water per second for hours. A chilling wake-up call on critical infrastructure vulnerability. What’s next in the cyber war playbook?

thedefendopsdiaries.com/cybers

#cybersecurity
#criticalinfrastructure
#russianhackers
#cyberattack
#norwaydam

2025-08-14

Norway says pro-Russian hackers breached a dam in Bremanger in April, opening a water valve for 4 hours after exploiting a weak password.

🔗 hackread.com/norway-blames-pro

#CyberSecurity #CyberAttack #Norway #Russia #Cyberwarfare

2025-08-14

Canada’s House of Commons just faced a cyber breach carried out by exploiting a Microsoft flaw, leaving sensitive employee data exposed. A real wake-up call for our digital defenses—what does this mean for our security?

thedefendopsdiaries.com/unmask

#cyberattack
#canadahouseofcommons
#databreach
#cybersecurity
#microsoftvulnerability

Andrew Graves :arch: :linux: (graves501@fosstodon.org)
2025-08-14

Seems like the DDoS attacks on Arch Linux infrastructure are still going on :/

Here's a dashboard for the uptimes:

status.archlinux.org/

#archlinux #ddos #cyberattack

2025-08-14

@ross

@Codeberg is great, and their hoster, #INBerlin, too.

But, please, don't make it the new #MSGitHub, i.e. don't centralize all #freeSoftware on it. It is important to have various servers, not all eggs in one basket, also for #resilience against #cyberattack or #censorship.

If you can, think about #selfHosting #forgejo, #gitea, or #gitlab. If not, take a look at #sourceHut or #Salsa.debian.org, too. The latter is not only for #Debian stuff! 🙂
