January 2025: Recent Cyber Attacks, Data Breaches, Ransomware Attacks
Date: 3 February 2025
What could an open-source toolkit, a cannabis product supplier, an AI startup from China and a UK telecom giant have in common? Not much, except that they have all been on the hit list of cyber criminals. Information on millions of customers has been compromised, operations have been disrupted and, worst of all, healthcare service delivery was yet again impacted at the start of the year.
Get the lowdown on the biggest cyber attacks, data breaches and ransomware attacks that made headlines in January 2025.
- Ransomware Attacks in January 2025
- Data Breaches in January 2025
- Cyber Attacks in January 2025
- New Malware and Ransomware Discovered
- Vulnerabilities Discovered and Patches Released
- Advisories issued, reports, analysis etc. in January 2025
The year has started with a literal bang for the world of cybersecurity. New cyber attacks, and data compromises from past incidents, have come to the fore, reminding us that cybersecurity cannot be overlooked in favour of more 'critical' business concerns. Cyber resilience is, in fact, the most critical and pressing business concern in today's ever-evolving and AI-fuelled threat landscape.
And while there is no way to become immune to cyber crime, it is certainly possible to put up a strong defence against it. If reading the lists below of the biggest ransomware attacks, cyber attacks and new vulnerabilities that emerged in January 2025 makes you anxious, we don't blame you. But there is a lot you can do about it.
We can help you build a strong defence against cyber crime with our unique approach to building cyber resilience. As creators of the NCSC Assured Trainings in Cyber Incident Planning and Response and Incident Response Playbooks, we can get your cybersecurity plans, policies and procedures in order and fit to fight the current threat landscape. Having delivered over 400 cyber tabletop exercises, we can then help you rehearse your plans and processes for a well-structured and cohesive response to cybersecurity events. We also offer a variety of flexible service options like Cybersecurity Executive Training, Virtual Cyber Consultancy services, Trusted Advisory and more that offer you ongoing support in your journey to build greater cyber resilience.
Ransomware Attacks in January 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| January 02, 2025 | Atos | Atos, contractor for French military and intelligence agencies, dismisses ransomware attack claims | Space Bears | A ransomware group calling itself Space Bears named Atos on its darknet site on December 28, alongside a pledge to publish data pilfered from the company on January 8. Atos responded to the criminals' claim by stating it “takes such allegations very seriously” and that its cybersecurity team was “actively investigating the situation.” The company said its “initial analysis shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to-date.” | |
| January 08, 2025 | Casio | Casio warns employees, customers about data leak from October ransomware attack | Underground ransomware | Thousands of employees, customers and business partners of Japanese electronics manufacturer Casio had data stolen during a ransomware attack in October. In a notice, Casio provided a post-mortem on the attack, explaining that 6,456 employees, 1,931 business partners and 91 customers were impacted by the ransomware incident last fall. | Source: The Record |
| January 13, 2025 | OneBlood | OneBlood confirms personal data stolen in July ransomware attack | Unknown | Blood-donation not-for-profit OneBlood confirmed that donors' personal information was stolen in a ransomware attack last summer. OneBlood first notified the public about the attack on July 31, 2024, noting that ransomware actors had encrypted its virtual machines, forcing the healthcare organization to fall back to using manual processes. | |
| January 29, 2025 | ENGlobal Corporation | Ransomware attack kept major energy industry contractor out of some systems for 6 weeks | Unknown | Officials at a large energy industry and federal government contractor were locked out of company financial systems for six weeks due to a recent ransomware attack. ENGlobal Corporation revealed the extended disruptions in an update to the U.S. Securities and Exchange Commission, as the Oklahoma-based firm warned that the incident also involved the threat actor’s access to a portion of the Company’s IT system that contained sensitive personal information. | Source: The Record |
| January 29, 2025 | Frederick Health Medical Group | Maryland healthcare network forced to shut down IT systems after ransomware attack | Unknown | A ransomware attack on a large healthcare network in Maryland has forced officials to shut off IT systems and cancel some appointments, as Frederick Health Medical Group warned that there will be delays in service while it contends with the cyber attack. | Source: The Record |
| January 30, 2025 | The New York Blood Center (NYBC) | Ransomware attack disrupts New York blood donation giant | Unknown | The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organisations, said a ransomware attack forced it to reschedule some appointments. It detected the attack after noticing suspicious activity on its IT systems over the weekend, on January 26. The attack came days after NYBC announced a blood emergency after a nearly 30% drop in blood donations that led to 6,500 fewer donations and "crippled the region's blood supply." | Source: Bleeping Computer |
| January 30, 2025 | Tata Technologies | Indian tech giant Tata Technologies hit by ransomware attack | Unknown | Tata Technologies said it had to suspend some of its IT services following a ransomware attack that impacted the company network. The company said in a notification to India's national stock exchange that the ransomware attack temporarily affected IT assets that have now been restored. Client delivery services remained fully operational throughout the cyber attack, causing no impact on customer operations. | Source: Bleeping Computer |
Data Breaches in January 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| January 05, 2025 | Charter and Windstream networks | Chinese hackers breached Charter and Windstream networks | Salt Typhoon | Chinese hackers have breached the systems of Charter Communications, Consolidated Communications, and Windstream. | Source: Bleeping Computer |
| January 06 and 07, 2025 | The U.N.’s International Civil Aviation Organization (ICAO) | UN aviation agency 'actively investigating' cybercriminal’s claimed data breach | The threat actor known as “Natohub” on the hacking forum BreachForums 2 | The U.N.’s International Civil Aviation Organization (ICAO) announced that it was “actively investigating reports of a potential information security incident” following a criminal's claim to have breached the agency. The threat actor known as “Natohub” on the hacking forum BreachForums 2 has compromised 42,000 documents from ICAO containing personal data. According to Natohub, the ICAO personal records include full names, dates of birth, physical and email addresses, phone numbers, and details about the individuals’ education history and employment. ICAO, a part of the United Nations, confirmed a hack of its recruitment systems involving the compromise of more than 40,000 records containing personal information. | Source: The Record |
| January 07 and 22, 2025 | PowerSchool | PowerSchool hack exposes student, teacher data from K-12 districts | Unknown | PowerSchool has confirmed that the stolen data primarily contains contact details such as names and addresses. However, for some districts, it could also include Social Security numbers (SSNs), personally identifiable information (PII), medical information, and grades. The hacker claimed in an extortion demand that they stole the personal data of 62.4 million students and 9.5 million teachers. | Source: Bleeping Computer |
| January 07, 2025 | American football team Green Bay Packers | Thousands of credit cards stolen in Green Bay Packers store breach | Unknown | American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. In breach notification letters sent to affected individuals this week, the National Football League (NFL) team said it immediately disabled all checkout and payment capabilities after being notified on October 23 that the packersproshop.com website was breached. While the letters didn't share the number of impacted customers, the football team said in documents filed with Maine's Attorney General on Monday that the incident affected 8,514 people. | Source: Bleeping Computer |
| January 07, 2025 | Medical billing company Medusind | Medical billing firm Medusind discloses breach affecting 360,000 people | Unknown | Medusind, a leading billing provider for healthcare organisations, notified hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. In its Maine filing, the company revealed that the December 2023 breach affected the personal and health information of 360,934 individuals. | Source: Bleeping Computer |
| January 08, 2025 | BayMark Health Services | Largest US addiction treatment provider notifies patients of data breach | Unknown | BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, notified an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. In data breach notification letters mailed to affected individuals, BayMark revealed that it learned of the breach on October 11, 2024, following an IT systems disruption. A follow-up investigation revealed that the attackers accessed BayMark's systems between September 24 and October 14. | Source: Bleeping Computer |
| January 09, 2025 | Russian government land record agency, Rosreestr | Hackers claim breach of Russian property agency, leak personal data | Silent Crow | A hacker group known as Silent Crow has claimed responsibility for breaching Rosreestr, the Russian government agency responsible for managing property and land records. The group, which created a Telegram channel in December, released a portion of a database containing sensitive personal data of Russian citizens, including names, dates of birth, addresses, phone numbers, and insurance account numbers. While Rosreestr has denied the breach, claiming its systems were not compromised, it has launched an investigation into the hackers’ claims. Russian investigative journalists at Agentstvo news reviewed leaked data and confirmed the authenticity of some of the personal details, including matching property addresses. | |
| January 09, 2025 | The Committee on Foreign Investment in the US (CFIUS) | Chinese hackers breached US government office that assesses foreign investments for national security risks | Silk Typhoon | Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN. The breach was part of a broader incursion by the hackers into the Treasury Department’s unclassified system. The office targeted by the hackers, the Committee on Foreign Investment in the US (CFIUS), in December gained greater authority to scrutinize real estate sales near US military bases. | Source: CNN |
| January 10, 2025 | Telefonica Ticketing System | Infostealer Infections Lead to Telefonica Ticketing System Breach | Hellcat ransomware group | Information stealer malware allowed threat actors to compromise the credentials of multiple Telefonica employees and access the telecommunication giant’s internal ticketing system. The data breach came to light after members of the Hellcat ransomware group (which previously claimed the attack on Schneider Electric) boasted on the BreachForums cybercrime forum about stealing customer data, ticket data, and thousands of files from the Spain-based telecom company. | Source: Security Week |
| January 12, 2025 | UK domain registry Nominet | UK domain registry Nominet confirms breach via Ivanti zero-day | Unknown | Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability, CVE-2025-0282. | Source: Bleeping Computer |
| January 15, 2025 | Label giant Avery | Label giant Avery says website hacked to steal credit cards | Unknown | Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information. Following an internal investigation by digital forensic experts, it was discovered that threat actors had planted a card skimmer on 'avery.com,' the company's online shop domain, on July 18, 2024. As a result, sensitive payment information that customers entered on Avery's website between July 18, 2024, and December 9, 2024, was exfiltrated to the threat actors. | Source: Bleeping Computer |
| January 15, 2025 | Wolf Haldenstein law firm | Wolf Haldenstein law firm says 3.5 million impacted by data breach | Unknown | Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reported that it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. | Source: Bleeping Computer |
| January 17, 2025 | Otelier | Otelier data breach exposes info, hotel reservations of millions | Unknown | Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. | Source: Bleeping Computer |
| January 20, 2025 | Hewlett Packard Enterprise (HPE) | HPE investigates breach as hacker claims to steal source code | IntelBroker | Hewlett Packard Enterprise (HPE) investigated claims of a new breach after a threat actor said they stole documents from the company's developer environments. IntelBroker, who announced the sale of information allegedly stolen from HPE's networks, claimed they had access to the company's API, WePay, and (private and public) GitHub repositories for at least two days and stole certificates (private and public keys), Zerto and iLO source code, Docker builds, and old user personal information used for deliveries. | Source: Bleeping Computer |
| January 26, 2025 | TalkTalk | TalkTalk investigating data breach after hacker claims theft of customer data | An individual using the alias “b0nd” | U.K. telecom giant TalkTalk has confirmed that it is investigating a data breach after a hacker claimed to have stolen the personal information of millions of customers. In a post on a popular cybercrime forum seen by TechCrunch, an individual using the alias “b0nd” claimed to have stolen the personal data of more than 18.8 million current and former TalkTalk subscribers. This data, which the threat actor is offering for sale, supposedly includes customer names, email addresses, IP addresses, phone numbers, and subscriber PINs. TalkTalk spokesperson Liz Holloway confirmed the company is investigating the data breach, but said the 18.8 million figure claimed by the hacker is “wholly inaccurate and very significantly overstated.” | Source: TechCrunch |
| January 28, 2025 | Matagorda County’s Emergency Operation Center | Texas county issues disaster declaration following cyber attack | Unknown | Matagorda County’s Emergency Operation Center published a statement warning that a cybersecurity breach had been discovered “involving a virus that has affected several internal systems.” Matagorda County Judge Bobby Seiferman issued a declaration of disaster based on the security breach. | Source: The Record |
| January 28, 2025 | CenterPoint Energy | Texas utility firm investigating potential leak of customer data tied to 2023 MOVEit breach | Cl0p ransomware (MOVEit) | CenterPoint Energy confirmed it is investigating reports of stolen customer data that has been published on a cybercriminal forum after it was allegedly taken during a 2023 breach. CenterPoint Energy said that it is aware of reports that customer data has been leaked after researchers uncovered a cybercriminal forum post with the information. | Source: The Record |
| January 30, 2025 | South African Weather Service (SAWS) | South Africa’s government-run weather service knocked offline by cyber attack | Unknown | A cyber attack has forced the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the country’s airlines, farmers and allies. SAWS said its Information and Communication Technology (ICT) systems went down “following a security breach by criminal elements.” | Source: The Record |
| January 30, 2025 | Insurance giant Globe Life | Globe Life data breach may impact an additional 850,000 clients | Unknown | Insurance giant Globe Life finished the investigation into the data breach it suffered last June and says that the incident may have impacted an additional 850,000 customers. On June 13, 2024, the company discovered during a security review of its networks that it had been compromised by hackers who had gained unauthorised access to one of its web portals. | Source: Bleeping Computer |
| January 30, 2025 | Mizuno USA | Mizuno USA says hackers stayed in its network for two months | BianLian ransomware | Mizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024. The information contained in the stolen files varies by impacted individual, and it may include the name, Social Security number, financial account information, driver's license information, and passport number. | Source: Bleeping Computer |
| January 30, 2025 | Community Health Center (CHC) USA | US healthcare provider data breach impacts 1 million patients | Unknown | Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data. CHC said in a filing with Maine's attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025. The threat actors stole files containing the personal and health information of 1,060,936 individuals. | Source: Bleeping Computer |
Cyber Attacks in January 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| January 05, 2025 | Argentina’s airport security police (PSA) | Hackers reportedly compromise Argentina’s airport security payroll system | Unknown | Argentina’s airport security police (PSA) have fallen victim to a cyber attack that reportedly compromised the personal and financial data of its officers and civilian personnel. The threat actor gained access to PSA’s payroll records and deducted small amounts of money from employees' salaries, listing these fraudulent deductions (ranging from 2,000 to 5,000 pesos, or $100 to $245) under false labels such as “DD mayor” and “DD seguros.” | Source: The Record |
| January 05, 2025 | South Portland Public Schools in Maine and Rutherford County Schools | Cyber attacks hit Maine, Tennessee school districts | Unknown | At least two U.S. school districts (South Portland Public Schools in Maine and Rutherford County Schools) suffered cyber attacks over the Christmas and New Year holidays, continuing an annual trend of hackers targeting K-12 schools and colleges during periods when IT staffing is at its lowest. South Portland Public Schools in Maine said it was forced to take its network down after a cyber attack was discovered, and Rutherford County Schools said on December 27 that it had been dealing with a “network and systems disruption” since November 25. | Source: The Record |
| January 07, 2025 | Russian internet provider Nodex | Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | Ukrainian Cyber Alliance | Russian internet provider Nodex reported that its network had been ruined in a cyber attack, which it suspects originated from Ukraine. The company said the “planned” attack “destroyed” its infrastructure overnight, and added that it was working to restore systems from backups but could not provide a timeline for when operations would fully resume. | Source: The Record |
| January 08, 2025 | Winston-Salem, North Carolina | Some Winston-Salem city services knocked offline by cyber attack | Unknown | Winston-Salem, North Carolina, residents are not able to pay their utility bills online after a post-Christmas cyber attack knocked the city’s systems offline. City officials initially announced a cyber attack on December 30, telling residents that they discovered issues with their digital platforms one day after Christmas. The city said that out of an abundance of caution, certain city computer systems had been taken offline. | Source: The Record |
| January 09, 2025 | Office of Geodesy Cartography and Cadastre of the Slovak Republic (UGKK) | Slovakia Hit by Historic Cyber-Attack on Land Registry | | A large-scale cyber-attack originating from outside Slovakia’s borders has hit the information system of the Office of Geodesy, Cartography and Cadastre of the Slovak Republic (UGKK). All systems have been shut down in response to the incident. | |
| January 09, 2025 | Cannabis company Stiiizy | Cannabis company Stiiizy says hackers accessed customers’ ID documents | Everest ransomware group | Popular Los Angeles-based cannabis brand Stiiizy has confirmed that hackers accessed reams of sensitive customer data, including government-issued documents and medical cannabis cards, during a November cyber attack. | |
| January 22, 2025 | Conduent | Conduent confirms cyber attack after government agencies report outages | Unknown | Conduent has confirmed suffering disruptions due to a cyber attack after government agencies in multiple US states reported service outages. The Department of Children and Families in Wisconsin said that the incident impacted payments. Oklahoma Human Services also reported that a Conduent customer service line had been experiencing a technical outage. | |
| January 23, 2025 | Phemex | Hackers steal $85 million worth of cryptocurrency from Phemex | Unknown | The Phemex crypto exchange suffered a massive security breach in which threat actors stole over $85 million worth of cryptocurrency. Following the cyberattack, the cryptocurrency exchange immediately suspended deposits and withdrawals and published proof of reserves for transparency. According to Phemex's CEO, Federico Variola, the incident only impacted hot wallets while cold wallets remained safe. | Source: Bleeping Computer |
| January 27, 2025 | DeepSeek | DeepSeek halts new signups amid "large-scale" cyber attack | Unknown | Chinese AI platform DeepSeek has disabled registrations on its DeepSeek-V3 chat platform due to an ongoing "large-scale" cyber attack targeting its services. | Source: Bleeping Computer |
| January 28, 2025 | UK engineering firm Smiths Group | UK engineering firm Smiths Group hit by cyber attack | Unknown | British engineering firm Smiths Group said it is managing a cybersecurity incident that involved unauthorised access to its systems, which sent its shares down as much as 2.3% in early trade. | Source: Reuters |
New Ransomware/Malware Discovered in January 2025
| New Ransomware | Summary |
|---|---|
| FunkSec ransomware | Researchers have uncovered a new ransomware group that has claimed over 80 victims in just one month - more than any other threat actor in December. |
| FireScam malware | A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic RuStore, Russia's app market for mobile devices. |
| Eagerbee malware | New variants of the Eagerbee malware framework are being deployed against government organisations and internet service providers (ISPs) in the Middle East. |
| A new Mirai-based botnet | A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. |
Source for the above table: Bleeping Computer
Vulnerabilities/Patches Discovered in January 2025
| Date | New Flaws/Fixes | Summary |
|---|---|---|
| January 07, 2025 | CVE-2024-41713, CVE-2020-2883, CVE-2024-55550 | CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. |
| January 08, 2025 | CVE-2024-52875 | Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall products. |
| January 08, 2025 | CVE-2024-53704 | SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is "susceptible to actual exploitation." |
| January 09, 2025 | CVE-2024-9138, CVE-2024-9140 | Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. |
| January 09, 2025 | CVE-2025-0282 and CVE-2025-0283 | IT software vendor Ivanti said that multiple customers have been affected by a new vulnerability being exploited by hackers. The bugs affect the company’s Connect Secure, Policy Secure and ZTA Gateways products - all of which are used widely across local and federal government agencies in the U.S. as well as internationally. |
| January 11, 2025 | CVE-2024-49113 | A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. |
| January 23, 2025 | CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747 | QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. |
| January 27, 2025 | CVE-2025-24085 | Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. |
| January 28, 2025 | CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 | Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. |
| January 28, 2025 | CVE-2024-55417, CVE-2024-55416, CVE-2024-55415 | Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. |
| January 29, 2025 | CVE-2024-40891 | Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and has remained unpatched since last July. |
| January 29, 2025 | CVE-2024-41710 | A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. |
Source for the above table: Bleeping Computer
Warnings/Advisories/Reports/Analysis
| News Type | Summary |
|---|---|
| Report | The government of Rhode Island said the hackers behind a recent ransomware attack on several of the state’s digital platforms have leaked some of the data that was stolen from the platform last month. |
| Report | The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech for its involvement in cyber attacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. |
| Report | A Beijing-based cybersecurity company, Integrity Technology Group, has been sanctioned by the U.S. for its role in facilitating attacks conducted by a state-sponsored hacking group known for targeting critical infrastructure. |
| Report | A California man has sued three banks for alleged “willful blindness” in allowing criminals to open accounts used to steal nearly $1 million from him in a cryptocurrency investment scam. In his suit filed in the Central District of California on December 31, Liem accuses the financial institutions - Hong Kong-based Chong Hing Bank Limited and Fubon Bank Limited, as well as Singapore-based DBS Bank, which has a Los Angeles branch - of failing to conduct Know Your Customer anti-money laundering checks as required by the Bank Secrecy Act. |
| Report | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that the Treasury Department breach disclosed last week did not impact other federal agencies. |
| Report | Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. |
| Report | Telegram revealed that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. |
| Report | Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. |
| Warning | CrowdStrike warned that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). |
| Report | Proton, which provides privacy-focused online services, said that a worldwide outage was caused by an ongoing infrastructure migration to Kubernetes and a software change that triggered an initial load spike. Proton users reported that they couldn't connect to their Proton VPN, Proton Mail, Proton Calendar, Proton Drive, Proton Pass, and Proton Wallet accounts. |
| Report | The U.S. Department of Justice indicted three operators of the sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency. |
| Report | Threat actors are employing a new tactic called "transaction simulation spoofing" to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. |
| Report | A pastor at a Pasco, Washington, church has been indicted on 26 counts of fraud for allegedly operating a cryptocurrency scam that defrauded investors of millions between 2021 and 2023. |
| Report | The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker, for his role in the recent Treasury breach, and a company associated with the Salt Typhoon threat group. |
| Report | Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. |
| Report | Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and installing malware that provides access to the company network. |
| Report | Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. |
| Warning | Cloudflare mitigated a record-breaking DDoS attack that peaked at 5.6 terabits per second (Tbps), the largest such effort to date, as security experts warn of an increase in hyper-volumetric DDoS attacks designed to overwhelm networks. |
| Report | Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. |
| Report | Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. |
| Report | New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. |
| Report | UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. |
| Report | The European Union sanctioned three hackers, part of Unit 29155 of Russia's military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia's government agencies in 2020. |
| Report | Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. |
| Report | MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. |
| Report | A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. |
| Report | Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan. |
Sources: Bleeping Computer and Infosecurity Magazine