Parents and teachers have personal info, ID documents leaked online, but exam season mostly unaffected Scotland's West Lothian Council has confirmed that data was stolen from its education network after the Interlock ransomware group claimed responsibility for the intrusion earlier this month.... [...]
Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. [...]
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. [...]
The 19-year-old and a partner first tried to extort an unnamed telco, but failed A 19-year-old student has agreed to plead guilty to hacking into the systems of two companies as part of an extortion scheme, and The Register has learned that one of the targets was PowerSchool.... [...]
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. [...]
Signal Messenger is warning the users of its Windows Desktop version that the privacy of their messages is under threat by Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store almost everything a user does every three seconds. Effective immediately, Signal for Windows …
Their connection? Aiding Ukraine, duh Russian cyberspies have targeted "dozens" of Western and NATO-country logistics providers, tech companies, and government orgs providing transport and foreign assistance to Ukraine, according to a joint government announcement issued Wednesday.... [...]
Credit card theft losses in 2023 alone totaled $36.5M International cops working with Microsoft have shut down infrastructure and seized web domains used to run a distribution service for info-stealing malware Lumma. Criminals paid $250 to $1,000 a month to get access to the infostealer.... [...]
Bribed support staff identified, fired Coinbase says the data of nearly 70,000 customers was handed over by overseas support staff who were bribed by criminals to give up the goods.... [...]
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. [...]
Welcome to the first Cloud CISO Perspectives for May 2025. Today, Iain Mulholland, senior director, Security Engineering, pulls back the curtain on how Google Cloud approaches security engineering and how we take secure by design from mindset to production. As with all Cloud CISO Perspectives, the contents of this …
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide. [...]
CS remains hopeful damages will be limited to seven figures CrowdStrike is "confident" that the worst-case scenario of its pending lawsuit with Delta will result in it paying the airline a sum in the "single-digit millions."... [...]
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. [...]
From air-gapped bunkers to partner-run platforms, sovereignty is suddenly in vogue Google has updated its sovereign cloud services, including an air-gapped solution for customers with strict data security and residency requirements, as customers grow uneasy over US digital dominance.... [...]
Patching is basic cyber hygiene — but executing it at scale, securely, and fast? That's the real challenge. ThreatLocker's Patch Management flips the script with control, visibility, and Zero Trust workflows built for today's threat landscape. [...]
In practice, it'll cost many times that and almost certainly won't work In a White House press conference on Tuesday President Trump announced his plans for a defensive network of missiles, radar, space surveillance, and attack satellites that he promised would protect America.... [...]
The European Union has imposed strict sanctions against web-hosting provider Stark Industries and the two individuals running it, CEO Iurie Neculiti and owner Ivan Neculiti, for enabling "destabilising activities" against the Union. [...]
Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage. [...]
I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing. Solutions are hard: 1. Make surveys less boring. We need to move past bland, grid-filled surveys and start designing experiences people actually want to complete …
British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions. [...]
Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals [...]
Downtime stings retailer, with technical recovery costs coming at a later date Marks & Spencer says the disruption related to its ongoing cyberattack is likely to knock around £300 million ($402 million) off its operating profits for the next financial year (2025/26).... [...]
After 60 years+ cooperation on space and military ops, worrying 'rhetoric' from Team Trump has Brits examining options The current rhetoric coming from the US is "alarming" for the UK, which depends on a continuation of their long-standing co-operation around space and military tech for the future, the UK's …
Like most organizations, Google Cloud is continually engaging with customers, partners, and policymakers to deliver technology capabilities that reflect their needs. When it comes to digital sovereignty solutions, Google Cloud has worked with customers for nearly a decade. Today, we’re pleased to announce significant technical and commercial updates …
Crew ain't done hopping sectors, Unit 42 threat hunter warns interview Scattered Spider snared financial services organizations in its web before its recent spate of retail attacks in the UK and US, according to Palo Alto Networks' Unit 42.... [...]
How to prove your identity after your account gets hacked and how to improve security for the future Phone lost or stolen? Practical steps to restore peace of mind UK passport lost or stolen? Here are the steps you need to take Your Facebook or Instagram account can be …
Nothing like insecure code in security suites The "ongoing exploitation" of two Ivanti bugs has now extended beyond on-premises environments and hit customers' cloud instances, according to security shop Wiz.... [...]
A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. [...]
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet …
Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. [...]
A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. [...]
The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. [...]
Microsoft is updating Windows 11 with a set of new encryption algorithms that can withstand future attacks from quantum computers in a move aimed at jump-starting what’s likely to be the most formidable and important technology transition in modern history. Computers that are based on the physics of …
SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. [...]
Triaging and quickly responding to security events is important to minimize impact within an AWS environment. Acting in a standardized manner is equally important when it comes to capturing forensic evidence and quarantining resources. By implementing automated solutions, you can respond to security events quickly and in a repeatable …
Update before that proof-of-concept comes to bite Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.... [...]
A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). [...]
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users' machines. [...]
Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. [...]
Peter Green Chilled supplies all the major UK chains It's more bad news for UK supermarkets with chilled and frozen food distribution business Peter Green Chilled confirming a ransomware attack with customers.... [...]
A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created …
Researcher finds VoLTE metadata could be used to locate users within 100 meters UK telco Virgin Media O2 has fixed an issue with its 4G Calling feature that allowed users' general location to be discerned by those who called them.... [...]
Brain drain, budget cuts, constant cyberthreats - who wouldn't want this job? The US Cybersecurity and Infrastructure Security Agency (CISA) has a new No. 2: Madhu Gottumukkala, stepping in as the nation's lead civilian cyber agency faces budget cuts, a brain drain, and the never-ending task of defending critical infrastructure …
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. [...]
A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. [...]
Proving yet again that crims are bad at search hygiene An Alabama man who SIM-swapped his way into the SEC's official X account, enabling a fake ETF announcement that briefly pumped Bitcoin, has been sentenced to 14 months in prison and three years of supervised release.... [...]
Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. [...]
The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach. [...]
Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. [...]