Biggest Cyber Attacks, Ransomware Attacks, Data Breaches of March 2025

Date: 1 April 2025


What do X, New York University, GitHub Actions, Blockchain Gaming Platform WEMIX, and the Polish Space Agency have in common? They share a common and unfortunate bond: they were all victims of cybercrime in March 2025. This alarming trend highlights the pervasive nature of cyber threats, which do not discriminate based on industry or size. 

  1. Ransomware Attacks in March 2025
  2. Data Breaches in March 2025 
  3. Cyber Attacks in March 2025
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in March 2025

This month's extensive list of cyber attacks, data breaches, and ransomware incidents serves as a stark reminder that no organisation, regardless of its perceived security measures, is immune to the ever-evolving landscape of cybercrime. The only viable path forward is to remain vigilant and prepared, continuously updating and strengthening defences against the most severe threats that loom on the horizon.


It's essential, now more than ever, to intensify your cyber incident response planning and preparation. More importantly, you must regularly test your incident response plans and procedures to evaluate if they're actually any good in a real-world attack situation. Generic cyber attack scenarios won't help you here. You need cyber tabletop exercises produced and conducted by experts to develop customised plans, playbooks, and response strategies tailored to your organisation's specific needs, infrastructure, and threat landscape.

With over 400 cyber tabletop exercises successfully delivered, we have the expertise and experience to help you thoroughly practise your cybersecurity plans and processes. This preparation is vital for building confidence and ensuring your organisation can quickly and effectively manage any cybersecurity challenges it encounters - which, as the list below reiterates, it certainly will! 


Ransomware Attacks in March 2025

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

March 01, 2025

The health Ministry of the Pacific Island Nation of Palau

Palau Health Ministry on the mend after Qilin ransomware attack

Qilin Ransomware

The health ministry of the Pacific island nation of Palau has recovered from a ransomware attack launched by a gang known for targeting prominent healthcare institutions. Palau officials said that the February 17 ransomware attack launched by hackers connected to a group named Qilin allowed the infiltrators to steal files from IT systems used by the Ministry of Health and Human Services (MHHS). The group published some of the stolen information on March 01, 2025, and in a statement, the Health Ministry confirmed that patient data was compromised as a result of the cyber attack.

Palau health ministry ransomware attack

March 05, 2025

Toronto Zoo

Two decades of visitor data at the Toronto Zoo stolen in cyber attack

Akira Ransomware

A cyber attack last year exposed information about every visitor to the Toronto Zoo between 2000 and April 2023. The Toronto Zoo published a notice about the cyber attack in January 2024 following an analysis of the incident to figure out what data was accessed by the hackers. The transaction information had names, addresses, phone numbers and email addresses. For guests and members who conducted credit card transactions between January 2022 and April 2023, the last four digits of card numbers and expiration dates were stolen by the hackers.

Source: The Record Media

March 10, 2025

Sunflower Medical Group

Kansas healthcare provider says more than 220,000 impacted by cyber attack

Rhysida Ransomware

Sunflower Medical Group said nearly 221,000 of its patients had information accessed by hackers who broke into their systems on December 15. The company notified regulators in Maine, Vermont and California and posted a notice on its website. The Rhysida ransomware gang took credit for the attack in January, threatening to leak the stolen data if a ransom of about $800,000 was not paid.

Source: The Record Media

March 12, 2025

The Department of Health Services for the state of Yap

Ransomware attack takes down health system network in Micronesia

Unknown

One of the four states that make up the Pacific nation of Micronesia is battling against ransomware hackers who have forced all of the computers used by its government health agency offline. In response, the whole network was taken offline, which left zero internet connectivity, as all computers were turned off to prevent further damage.

Source: The Record Media

March 25, 2025

Union County, Pennsylvania

Hackers steal sensitive data from Pennsylvania county during ransomware attack

Unknown

Personal information from Union County, Pennsylvania, residents was stolen during a ransomware attack on government systems. The county published a notice warning its more than 40,000 residents that the ransomware attack was discovered on March 13 and that the hackers took personal information from its network. The affected information appeared to be “mostly related to individuals involved with County law enforcement, court related matters, and/or other County business,” the county said.

Source: The Record Media

March 25, 2025

Malaysia’s Kuala Lumpur International Airport (KLIA)

Malaysia PM says country rejected $10 million ransom demand after airport outages

Unknown

Malaysia’s National Cyber Security Agency (NACSA) and Malaysia Airports released a joint statement confirming that a cyber attack started causing disruptions on March 23 as hackers demanded a $10 million ransom.

Source: The Record Media


 

Data Breaches in March 2025

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

March 03, 2025

Rubrik

Rubrik rotates authentication keys after log server breach

Unknown

Rubrik disclosed last month that one of its servers hosting log files was breached. Its security team discovered anomalous activity on the server, and the company rotated potentially leaked authentication keys.

Source: Bleeping Computer

March 03, 2025

Stock Broker Angel One

Indian Stock Broker Angel One Discloses Data Breach

Unknown

Indian stock brokerage firm Angel One disclosed a data breach impacting client information stored in its Amazon Web Services (AWS) account. Following the data breach announcement, Angel One’s shares dropped over 11% in two days, hitting a 52-week low on March 3.

Source: Security Week

March 06, 2025

Carruth Compliance Consulting

Thousands of public school workers impacted by cyber attack on retirement plan administrator

Skira Ransomware

A December 2024 cyber attack on a prominent administrator for retirement plans has exposed the information of thousands of public school teachers and employees across the U.S. Dozens of public schools across the country reported data breaches to regulators in Maine, Massachusetts, Vermont and several other states, warning that sensitive data was stolen through Carruth Compliance Consulting - a company that provides third-party administrative services to public school districts and non-profit organisations for their 403(b) and 457(b) retirement savings plans. A new cybercriminal operation named Skira Team took credit for the attack, claiming to have stolen data from 36 public schools.

Source: The Record Media

March 06, 2025

NTT Communications Corporation

Data breach at Japanese telecom giant NTT hits 18,000 companies

Unknown

Japanese telecommunication services provider NTT Communications Corporation (NTT) has warned almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. NTT said hackers breached its 'Order Information Distribution System,' which held details on 17,891 corporate customers (companies), but no data on personal customers (consumers).

Source: Bleeping Computer

March 10, 2025

PowerSchool

PowerSchool previously hacked in August, months before data breach

Unknown

PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. The breach impacted 6,505 school districts in the US, Canada, and other countries, with 62,488,628 students and 9,506,624 teachers having their data stolen.

Source: Bleeping Computer

March 17, 2025

Western Alliance Bank

Western Alliance Bank says nearly 22,000 impacted by file transfer software breach

Clop Ransomware

Phoenix-based Western Alliance Bank said the information of more than 20,000 people was stolen through a vulnerability in a popular file sharing tool last year. The bank confirmed that it was affected by a vulnerability in a “third-party vendor’s secure file try Western Alliance and numerous other organisations.” The information stolen includes names, Social Security numbers and in some cases, dates of birth, financial account numbers, driver’s license numbers, tax identification numbers and passports.

Source: The Record Media

March 18, 2025

GitHub Action

GitHub Action hack likely led to another in cascading supply chain attack

Unknown

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets.

Source: Bleeping Computer

March 18, 2025

Dogequest

Dogequest Website exposes Tesla owners' sensitive information

Unknown

A website called "Dogequest" allegedly published the personal information of Tesla owners across the U.S. in an apparent attempt to shame and intimidate them, amid tech billionaire Elon Musk’s growing interference in government. "Encouraging destruction of Teslas throughout the country is extreme domestic terrorism!!" Musk posted on X.

Dogequest data breach

March 19, 2025

Pennsylvania State Education Association

Half a million people impacted by Pennsylvania State Education Association data breach

Rhysida Ransomware

More than 500,000 people were impacted by a cyber attack on the Pennsylvania State Education Association (PSEA) that took place in July 2024. The organisation published breach notices in several states and on its website, warning its current and former members as well as their dependants that hackers broke into their systems last year and stole state IDs, Social Security numbers, financial account numbers, payment card information, passport numbers, taxpayer IDs, health insurance information and medical data.

Source: The Record Media

March 19, 2025

Ascom, Jira

HellCat hackers go on a worldwide Jira hacking spree

HellCat Ransomware 

Swiss global solutions provider Ascom has confirmed a cyber attack on its IT infrastructure as a hacker group known as HellCat targets Jira servers worldwide using compromised credentials. The company announced that hackers breached its technical ticketing system and that it is currently investigating the incident. The HellCat hacking group claimed the attack and said that they stole about 44GB of data that may impact all of the company’s divisions.

Source: Bleeping Computer

March 19, 2025

Sperm donation giant California Cryobank

Sperm donation giant California Cryobank warns of a data breach

Unknown

US sperm donor giant California Cryobank is warning customers it suffered an April 2024 data breach that exposed customers' personal information. An almost year-long investigation has determined that the attack exposed varying personal data for customers, including names, bank accounts and routing numbers, Social Security numbers, driver's license numbers, payment card numbers, and/or health insurance information.

Source: Bleeping Computer

March 20, 2025

China's Baidu

China's Baidu denies data breach after executive's daughter leaks personal info

Human Error

Chinese search giant Baidu denied allegations it had suffered an internal data breach after a top executive's teenage daughter posted personal details of other internet users online, sparking a controversy. Baidu said all employees and executives at all levels were prohibited from accessing user data and the information posted by the teenager originated from illegally obtained "doxing databases" on foreign platforms, which aggregate stolen private data.

Source: Reuters

March 21, 2025

Coinbase

Coinbase was primary target of recent GitHub Actions breaches

Unknown

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. The threat actors modified the action to dump CI/CD secrets and authentication tokens into GitHub Actions logs.

Source: Bleeping Computer

March 21 and 26, 2025

Oracle

Oracle denies breach after hacker claims theft of 6 million data records, but customers confirm it

Rose87168, a BreachForums account name

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, it has been confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Source: Bleeping Computer

March 26, 2025

StreamElements

StreamElements discloses third-party data breach after hacker leaks data

"Victim", a BreachForums account name

Cloud-based streaming company StreamElements confirmed it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. A BreachForums hacker claimed to have stolen the data of 210,000 StreamElements customers on March 20, 2025. The threat actor shared samples of the stolen data, which included full names, addresses, phone numbers, and email addresses.

Source: Bleeping Computer

March 26, 2025

Numotion

U.S. wheelchair maker Numotion says data breach impacted half a million customers

Black Basta group

Tennessee-based healthcare mobility services provider Numotion recently suffered a serious data security incident that compromised the sensitive personal information of nearly half a million individuals.

Source: Teiss UK

March 26, 2025

NYU

Hacker defaces NYU website, exposing admissions data on 1 million students

Computer Niggy Exploitation

The hacker accessed and replaced the NYU homepage with charts and links to large student datasets categorizing standardized testing scores based on race. The threat actor also claimed personal information identifying students was redacted but linked to four different datasets that included personal information on NYU applicants, their citizenship status and more.

Source: The Record Media

March 26, 2025

Lafayette Federal Credit Union

Over 75,000 people impacted in Lafayette Federal Credit Union data breach

Unknown

Maryland-based Lafayette Federal Credit Union said the data security incident it suffered last year compromised the sensitive personal information of more than 75,000 individuals.

Source: Teiss UK



 

Cyber Attacks in March 2025

Date

Victim

Summary

Threat Actor

Business Impact

Source Link 

March 03, 2025

Anne Arundel County

Several local governments struggling with cyber attacks limiting services

Unknown

Government services offered by one of the largest counties in Maryland are still being limited more than a week after it was targeted by a cyber attack. Anne Arundel County, home to nearly 600,000 people and the state capital of Annapolis, first announced the incident on February 23 and was still warning residents that multiple services were down. County officials initially said the attack was “of external origin” and was considered a “multi-day event.”

Source: The Record Media

March 03, 2025

Polish Space Agency, POLSA

Polish space agency confirms cyber attack

Unknown

The Polish Space Agency (POLSA) is currently dealing with a cybersecurity incident. Sources inside the agency, who asked to remain anonymous, claimed the attack appears to be related to an internal email compromise and that staff are being told to use phones for communication instead.

Polish Space Agency cyber attack

March 07, 2025

National Presto Industries, Presto

Home appliance company Presto says cyber attack causing delivery delays

Unknown

National Presto Industries, the company behind the Presto brand of home appliances, said a cyber attack was hampering its shipping and manufacturing processes. It filed notices with the U.S. Securities and Exchange Commission (SEC), warning that it experienced a system outage caused by a cybersecurity incident that began on March 1.

Source: The Record Media

March 07, 2025

The government of Mission, Texas

Texas border city declares state of emergency after cyber attack on government systems

Unknown

The government of Mission, Texas, filed a state of emergency declaration this week after a cyber attack exposed all of the data held on city systems. The city government notified residents of the incident, telling them cybercriminals targeted portions of their network. Police officers have lost the ability to run license plates and driver’s licenses through state databases.

Source: The Record Media

March 10, 2025

X

Musk blames X outages on alleged ‘massive’ cyber attack

Dark Storm

The global outages impacting the social media platform X are being caused by a cyber attack, CEO Elon Musk said after the app and website were down intermittently throughout the day. Alp Toker, director of internet monitor Netblocks, said they have been observing a cycle of outages affecting X over the last six hours, impacting the site’s availability globally, and added that this was amongst the longest Twitter outages tracked in terms of duration and that the pattern is consistent with a denial of service attack targeting X’s infrastructure at scale.

Source: The Record Media

March 15, 2025

Raymond Ltd

Raymond Ltd confirms cyber attack on IT Infrastructure, assures no disruptions to retail operations

Unknown

Raymond Ltd’s real estate division reported a cybersecurity incident affecting some of its IT assets. In regulatory filings, the company stated, "A cybersecurity incident has occurred at the company, impacting some of the IT assets, which have been isolated." 

Raymond Ltd cyber attack

March 17, 2025

Kansas’ Atchison County, Cleveland Municipal Court, Strafford County and Pelham School District in New Hampshire

Municipalities in four states are struggling with cyber attacks limiting services

Unknown

Cyber attacks on public entities across the U.S. (from police stations to school districts and courts) are causing wide-ranging issues for thousands of residents and public employees. Nearly three weeks after announcing a cyber attack had brought down its systems, Cleveland’s Municipal Court had not recovered, hampering dozens of trials that had been slated to begin in March. Three other U.S. municipalities were also dealing with cyber attacks, including Strafford County and Pelham School District in New Hampshire, as well as Connecticut’s Derby Police Department.

Source: The Record Media

March 17, 2025

Blockchain gaming, WEMIX

Blockchain gaming platform WEMIX hacked to steal $6.1 million

Unknown

Blockchain gaming platform WEMIX suffered a cyber attack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. During a press conference, WEMIX's CEO Kim Seok-Hwan confirmed the incident occurred on February 28, 2025, explaining that the delay in issuing a public announcement wasn't an attempt to cover it up, but rather a conscious choice to protect players from additional losses.

Source: Bleeping Computer

March 18, 2025

National Iranian Tanker Company (NITC) and Islamic Republic of Iran Shipping Lines (IRISL)

Cyber group says it disrupted Iranian shipping communications

Lab Dookhtegan

A hacker group called Lab Dookhtegan said it has disrupted the communication networks of 116 ships belonging to two major Iranian shipping companies in one of the biggest attacks against Iranian maritime operations, critical to the country's oil sales. As part of this operation, the hackers allegedly targeted the communication network of 116 ships belonging to two major Iranian companies sanctioned by the US Department of the Treasury, the United Kingdom, and the European Union: 50 ships belonging to the National Iranian Tanker Company (NITC) and 66 ships belonging to the Islamic Republic of Iran Shipping Lines (IRISL).

Cyber attack on two Iranian shipping companies

March 21, 2025

YouTube account of Costa Rica's presidency

YouTube account of Costa Rica's presidency back online after cyber attack

Unknown

The official YouTube account of Costa Rican President Rodrigo Chaves came back under government control after the platform suffered an hours-long cyber attack. The YouTube presidential profile showed a logo with the word "Strategy" followed by a bitcoin symbol. The most recent videos uploaded to the profile had contained information related to the cryptocurrency, which the presidential office assured had not come from them.

Source: Reuters

March 23, 2025

State-owned railway company Ukrzaliznytsia

Ukraine railway says its online systems targeted in large-scale cyber attack

Unknown

The online systems of Ukraine’s state-owned railway company Ukrzaliznytsia have been targeted by a large-scale cyber attack that forced the organisation to sell tickets offline.

Source: AlArabiya.net

March 24, 2025

Belgian Websites

Russian hackers target big Belgian websites with little success

NoName057

The Russian hackers’ collective NoName057 has attacked several major Belgian websites, including MyGov.be, which provides Belgian citizens with access to official documents, as well as the platform of the Walloon Parliament.

Cyber attack on Belgian websites like MyGov.be

March 25, 2025

South Africa’s Astral Foods

Cyber attack causes delays for South Africa’s largest chicken producer

Unknown

South Africa’s largest chicken producer lost more than $1 million due to a recent cyber attack that caused delivery delays and other issues. Astral Foods told investors that it suffered a cyber attack on March 16 that required the company to implement all of its disaster recovery protocols and preparedness plans.

Source: The Record Media

 


 

New Ransomware/Malware Discovered in March 2025

New Ransomware

Summary

ClickFix phishing campaign

A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havoc post-exploitation framework for remote access to compromised devices.

Poco RAT

The hacker group Dark Caracal appears to be shifting to newer malware in an espionage campaign targeting individuals in Latin America, researchers said.

Eleven11bot malware

A new botnet malware named 'Eleven11bot' has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks.

MassJacker malware

A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers.

Polyglot malware and its backdoor named Sosano

Polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. The malware delivers a backdoor called Sosano, which establishes persistence on the infected devices and allows the attackers to execute commands remotely.

KoSpy spyware

A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps.

StilachiRAT malware

Microsoft has discovered a new remote access trojan (RAT) that employs "sophisticated techniques" to avoid detection, maintain persistence, and extract sensitive data.

Arcane malware

A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers.

Atlantis AIO, a new cyber crime platform

A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs.


Sources for the above table:
Bleeping Computer and Recorded Future News


Vulnerabilities/Patches Discovered in March 2025

Date

New Flaws/Fixes

Summary

March 01, 2025

CVE-2025-0288, CVE-2025-0287, CVE-2025-0286, CVE-2025-0285, CVE-2025-0289

Microsoft has discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows.

March 03, 2025

CVE-2023-20118, CVE-2018-8639

CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. 

March 04 and 06, 2025

CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226

Broadcom warned customers about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.

March 04, 2025

CVE-2024-50302, CVE-2024-43093

Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days exploited in targeted attacks. 

March 07, 2025

CVE-2025-1316

A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. 

March 08, 2025

CVE-2024-4577

A vulnerability initially exploited mostly in cyberattacks against Japanese organizations is now a potential problem worldwide, researchers said.

March 11, 2025

CVE-2025-24201

Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks. 

March 11, 2025

CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993, CVE-2025-26633, and a publicly disclosed zero-day: CVE-2025-26630

Microsoft's March 2025 Patch Tuesday includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities.

March 12, 2025

CVE-2023-1389

A model of internet routers marketed to consumers and businesses is being targeted as part of an effort to grow a new botnet known as Ballista. The hacker behind the malware, who is believed to be based in Italy, has been exploiting a firmware vulnerability.

March 12, 2025

CVE-2025-27363

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. 

March 17, 2025

CVE-2024-55591 and CVE-2025-24472

Two vulnerabilities impacting Fortinet products are being exploited by a new ransomware operation with ties to the LockBit ransomware group. Multiple researchers spotlighted the exploitation of the flaws by a new ransomware group called Mora_001.

March 18, 2025

ZDI-CAN-25373

At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. 

March 18, 2025

CVE-2024-54085

A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers.

March 19, 2025

No CVE id

WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab.

March 20, 2025

CVE-2025-23120

Veeam has patched a critical remote code execution vulnerability in its Backup & Replication software that impacts domain-joined installations.

March 20, 2025

CVE-2024-48248

CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software. 

March 20, 2025

CVE-2024-20439

Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. 

Source for the above table: Bleeping Computer 


Warnings/Advisories/Reports/Analysis

News Type

Summary

Report

The Cybersecurity and Infrastructure Security Agency (CISA) said it will continue to monitor Russian cyber threats, refuting reports that changes are being made to how it approaches cyberthreats from Russia.

Report

The United Kingdom's privacy watchdog announced that it's investigating TikTok, Reddit, and Imgur because of privacy concerns about how they are processing children's data.

Report

Two people were arrested in New York City after allegedly using backend access to StubHub’s system to steal the URLs for 900 concert tickets, most of which were for Taylor Swift’s popular Eras Tour.

Warning

Federal law enforcement agencies are warning business executives of a new scam involving criminals using the name of a prominent Russian ransomware gang to extort companies.

Warning

Microsoft has warned that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks. Microsoft reported that Silk Typhoon switched tactics around that period, abusing stolen API keys and compromised credentials for IT providers, identity management, privileged access management, and RMM solutions, which are then used to access downstream customer networks and data.

Warning

YouTube has warned that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials. The attackers are sharing it as a private video with targeted users via emails claiming YouTube is changing its monetization policy.

Report

A report said that scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service.

Report

Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide.

Report

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows.

Report

A Memphis man was arrested and charged with stealing DVD and Blu-ray discs of unreleased movies and sharing ripped digital copies online before their release.

Report

Microsoft said a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks.

Report

The Federal Trade Commission (FTC) shuttered its case against MGM Resorts International centered on the company’s handling of personal data stolen during a 2023 ransomware attack. The FTC filed a Civil Investigative Demand (CID) in January 2024 seeking answers to dozens of questions about the ransomware attack that involved customer and employee data as well as troves of business information. MGM Resorts International repeatedly refused to provide the information and the FTC in June 2024 filed a lawsuit in Nevada to enforce the CID. But on February 28, court filings confirmed that with the Trump administration taking office, the FTC’s CID had been withdrawn, making the court cases “moot” according to lawyers for both sides.

Warning

Microsoft warned that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs.

Report

A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers.

Warning

US cities warned of an ongoing mobile phishing campaign in which texts pretending to come from the city's parking violation departments claim the recipient has unpaid parking invoices that, if left unpaid, will incur an additional $35 fine per day.

Report

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorising a malicious OAuth app that grants attackers full control over their accounts and code.

Report

Hackers are spreading a malicious remote access tool through an email campaign that targets people interested in buying President Donald Trump’s cryptocurrency through the Binance platform. The emails are made to look like they come from Binance — currently the largest cryptocurrency platform in the world — and offer the ability to earn TRUMP coins through various actions like installing Binance software, registering an account on the platform and depositing funds.

Report

The encrypted messaging app Signal has stopped responding to requests from Ukrainian law enforcement regarding Russian cyberthreats, a Ukrainian official claimed, warning that the shift is aiding Moscow’s intelligence efforts.

Warning

Mozilla warned Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates.

Report

The Cybersecurity and Infrastructure Security Agency confirmed that it is cutting funding for cybersecurity intelligence sharing bodies amid a wider campaign of firings and budget cuts impacting the federal cybersecurity landscape.

Report

The Medusa ransomware gang has attacked over 300 victims in critical infrastructure sectors. According to U.S. cybersecurity agencies, the group and its affiliates have attacked organizations in the medical, education, legal, insurance, technology and manufacturing industries.

Report

Nearly a dozen nation-state groups from North Korea, China and Russia are exploiting a vulnerability affecting a commonly used feature of Microsoft Windows.

Report

Google announced a definitive agreement to acquire leading cloud security platform Wiz for $32 billion in an all-cash transaction.

Report

A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites.

Report

The US Federal Trade Commission (FTC) has taken action against the "Click Profit" business opportunity platform for allegedly earning $14 million while deceiving consumers with false promises of guaranteed passive income through online stores.

Report

Microsoft is investigating an ongoing outage preventing Outlook on the web users from accessing their Exchange Online mailboxes.

Report

The UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035.

Report

Infosys Limited has agreed to pay a $17.5 million settlement for six class action lawsuits filed against its subsidiary Infosys McCamish System (IMS) in a 2023 data breach.

Report

A former University of Michigan assistant football coach was charged by federal prosecutors with hacking into the student athlete databases of more than 100 colleges and universities and accessing the medical information of about 150,000 people.

Report

A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. Malwarebytes researcher Jerome Segura and SEO strategist Elie Berreby believe that the threat actor is after Google Ads accounts that would enable them to create new malvertising campaigns.

Report

The FBI warned that fake online document converters are being used to steal people's information and, in worst-case scenarios, to deploy ransomware on victims' devices.

Warning

Britain’s National Crime Agency (NCA) has warned of a “new generation of young, English-speaking cyber criminals” who are “predominantly teenage boys that often share sadistic and misogynistic material, and have been seen to target those their own age or younger.”

Report

The cryptocurrency platform Abracadabra Finance has lost about $13 million worth of digital currency to hackers.

Report

Advanced, a business that provides IT services to numerous healthcare providers in the United Kingdom, has been fined £3.1 million (about $4 million) by the country’s privacy regulator over a ransomware attack in 2022.

Sources: Bleeping Computer, Dark Reading and Recorded Future News
