Editor's Message

Welcome to DBD. 2024 was a tough year for me personally, and I'd like to thank every one of you who has supported me - you have been my light in times of darkness. 2024 saw the highest number of ransomware attacks on record, and there's no sign of these attacks slowing down as we head into the new year. Ransomware is a BIG problem that is NOT going away anytime soon, and this year could be just as catastrophic, if not worse, as cyber criminals continue to extort their victims with very little chance of being brought to justice. Wishing you all the very best for 2025. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington DC



Monday, 9 December 2024

Data Breaches Digest - Week 50 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 9th December and 15th December 2024.


15th December

Alleged Data Breach at Fédération Française de Football (FFF) Exposes Sensitive Information

Alleged Data Breach at Meat Expert Forum Exposes User Information

Alleged Data Breach at NivteIndia.in Exposes Sensitive User Information

Alleged Data Breach at University of Georgia Exposes Sensitive Information

Alleged Data Breach in Shandong Exposes Courier and Engineering Personnel Database

Alleged Leak of 5 Billion URL Login Credentials Raises Serious Security Concerns

Clop ransomware claims responsibility for Cleo data theft attacks

Cyberattack in Rhode Island: Sensitive data breach, hackers demand ransom

Exploring Cyber-Darkness: How Moscow Undermines The West Via The Dark Web

NotLockBit ransomware targets Apple users with advanced file-locking and data exfiltration

Organizations should improve employee-wide cybersecurity awareness

Prevention techniques for top 10 common cyberattacks

Ransomware defenses are being weakened by outdated backup technology, limited backup data encryption, and failed data backups

Rhode Island Benefits Portal Hit by Ransomware Attack

Rhode Island hit by data breach as hackers demand ransom

Serbian police used Cellebrite to unlock, then plant spyware on, a journalist’s phone

Winnti hackers target other threat actors with new Glutton PHP backdoor

14th December

390,000 WordPress accounts stolen from hackers in supply chain attack

Alleged Data Breach at Indonesia’s Ministry of Transportation Exposes Sensitive Documents

Alleged Data Breach Exposes Company Address Database in China

Alleged Leak of Large User Login Database Raises Online Security Concerns

Alleged Leak of ViennaLife Development Server Source Code Raises Security Concerns

Alleged Sale of Spoof-Enabled VPS and Dedicated Servers Raises Security Concerns

CISA Warns of Cleo 0-Day Vulnerability Exploited by Ransomware Gangs

Cyber attack may affect personal information of thousands of Rhode Islanders

Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

Hackers claim they've obtained 17 million patient records at PIH Health hospitals, report says

Hackers steal 390,000 WordPress credentials from other hackers

Microsoft Users Alerted to Increased Cyber Attack Risks

Nigeria’s ‘Hustle Kingdom’ Trains Future Generations Of Cybercriminals

Rhode Island says personal data likely breached in social services cyberattack

Rhode Island Suffers Data Breach in Health System Cyberattack, Personal Information at Risk

Singapore Police warn public on PayNow phishing website and scam SMS ‘alert’ on certificate expiry

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Top Highlights of the Year 2024 from a Cybersecurity Perspective

Vietnam hit 3rd hardest in SE Asia with 40K+ financial phishing attacks

13th December

94% of U.K. Businesses Aren’t Adequately Prepared for AI-Driven Phishing Scams

2024 Sees Sharp Increase in Microsoft Tool Exploits

58,000 Bitcoin ATM Users Exposed In Byte Federal Data Breach

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

Akira and RansomHub Surge as Ransomware Claims Reach All-Time High

Alleged Data Breach at CREFSP Exposes Full Database in São Paulo

Alleged Data Breach at HGS Exposes Sensitive Customer Information in Turkey

Alleged Data Breach at Northern.ac.th Exposes Sensitive User Information

Australian IT Pros Urged to Guard Against Chinese Cybersecurity Threats

Auto parts giant LKQ says cyberattack disrupted Canadian business unit

Bitcoin ATM Giant Byte Federal Hit by Hackers, 58,000 Users Impacted

Byte Federal says hackers stole the data of 58,000 customers from its systems

Canadian Eyecare Firm Care1 Exposes 2.2TB of Patient Records

CISA confirms critical Cleo bug exploitation in ransomware attacks

CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs

CISA warns water facilities to secure Human Machine Interface (HMI) systems exposed online

CISOs need to consider the personal risks associated with their role

Citrix shares mitigations for ongoing Netscaler password spray attacks

Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Cybercrime platform selling PII busted by law enforcement, admins face 40+ years behind bars

Cyberint’s 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing

Department of Justice (DoJ) Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

Federal Trade Commission (FTC) warns of online task job scams hooking victims like gambling

Germany cuts hacker access to 30,000 devices infected with BadBox malware

Germany sinkholes BadBox malware pre-loaded on Android devices

Hacker Uses Info-Stealer Against Security Pros, Other Bad Actors

Inmediata Health Group settles for $250,000 over HIPAA violations in data breach

Internet of Things (IoT) infected with pre-installed malware: Germany blocks 30K devices

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

ISC2 Survey Reveals Critical Gaps in Cybersecurity Leadership Skills

Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers

Ledger Wallet User Falls Victim to Phishing, Loses 10 BTC

Massive data leak might have exposed locations of millions of Muslims online

Massive parking app data breach - how to see if you qualify for part of $32.8 million settlement

Medway Community Healthcare: No NHS data breach after suspicious IT activity

Microsoft Recall’s “sensitive information” filter failing to recognize credit card numbers

New BoneSpy, PlainGnome Android spyware deployed by Gamaredon

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Nigerian Cyber Criminal Extradited to Nebraska for Multi-Million Dollar Fraud Scheme

Quarter of a million exposed in US credit union digital heist

Researchers Discover Malware Used by Nation-Sates to Attack Industrial Systems

Rhode Island says personal information potentially stolen in RIBridges data breach

Rhode Island state government hit by major cyberattack

Rhysida group claims a major ransomware attack on Rutherford County Schools District

Russian cyberspies target Android users with new spyware

SAP systems increasingly targeted by cyber attackers

Sophisticated Phishing Campaign Attempts to Bypass Secure Email Gateways (SEGs)

South Carolina credit union says 240,000 impacted by recent cyberattack

SRP Federal Credit Union Announces Data Breach Impacting Over 240k People

Starbucks, Supermarkets Targeted in Ransomware Attack

Tackling software vulnerabilities with smarter developer strategies

Texas Attorney General launches investigation into 15 tech companies for violating child privacy law

The City of Athens races to get over $700,000 back from a sophisticated cyber attack

The Role of Blockchain and Smart Contracts in Securing Digital Transactions

Three arrested in Kosovo for operating Rydox cybercriminal marketplace

UnitedHealth’s Optum left an AI chatbot, used by employees to ask questions about claims, exposed to the internet

US Offers $10 Million Reward for Chinese Hacker Wanted for Cyberattacks

US Uncovers North Korean IT Worker Fraud, Offers $5M Bounty

Vulnerabilities found in crypto platforms Dogecoin, Lightning Network, and Proton Wallet

Young Life Announces Data Breach Affecting Employees and Volunteers

12th December

$10 Million Reward Announced for Chinese Hacker Behind Global Firewall Attacks

27 DDoS-for hire platforms seized by law enforcement

70% of cybersecurity leaders influenced by personal liability concerns

A ransomware attack struck Romanian energy provider Electrica

Alleged Data Breach at Breitling.com Exposes Sensitive Customer Information

Alleged Data Breach at Edemporium.uk Exposes Sensitive User Information

Alleged Data Breach at Escursi.com Exposes Sensitive Customer Information

Alleged Data Breach at MyWebSport.com Exposes Sensitive User Information

Alleged Data Breach at PharmaWebCanada Exposes Sensitive Customer Information

Alleged Data Breach at SENATI Exposes Historical Ticketing System Data

Alleged Data Leak in India Exposes Information Across 1,500 Categories

Alleged Leak of 5 Million Private URL Logs Raises Online Security Concerns

Alleged Leak of Comprehensive National Database in Brazil Raises Privacy Concerns

Almost 30K Sabre employees’ data compromised in ransomware attack

Another pastor charged with crypto fraud after setting up marketing scheme worth $5.9M

Artivion heart surgery device maker suffers a ransomware attack

Authorities Shut Down 27 DDoS-for-Hire Platforms, Arrest 3 Admins

BeReal hit with privacy complaint over how it asks EU users to agree to tracking

Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

Bitcoin ATM Giant Byte Federal Reports Data Breach Affecting 58,000 Users

Bitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breach

Bitcoin ATM Giant Byte Federal Suffers Data Breach: 58,000 Users Affected

Bitcoin ATM operator Byte Federal hit by data breach, 58,000 exposed

Bitcoin ATM Operator Byte Federal Reports Data Breach Affecting 58,000 Customers

Bitcoin ATM Operator Byte Federal Reports Data Breach Affecting 58,000 Users

Bitcoin ATM Operator Byte Federal Says 58K Users Were Affected by Massive Data Breach

Byte Federal’s bitter bite: thousands of crypto ATM users’ data exposed

Charity Scams During the Holidays: How to Verify Legitimate Charities

China-based hacker accused of deploying malware to exploit global firewall devices

Chinese Hacker Sanctioned by US Government for Severe Critical Infrastructure Breach

Cleo patches critical zero-day exploited in data theft attacks

Cleo patches zero-day exploited by ransomware gang

Countering the security threat from within

Cyber attack forces medical devices maker Artivion to take systems offline

Cyber attack on Center for Vein Restoration impacted close to 450,000 patients

Cyber risk to intensify in 2025 as attackers switch tactics

Data Breach: Bitcoin ATM Operator, Byte Federal Reports 58,000 Users Personal Data Compromised

Data breach at Center for Vein Restoration compromises sensitive medical records of 445,000 individuals

Delhi Police suffers sixth cyber attack in 15 months

Department of Justice (DOJ) indicts 14 North Koreans who fraudulently earned $88 million working for US firms

Dogecoin flaw exploited by hacker, crashes 69% of nodes

Dogecoin Flaw Exploited, Hacker Crashes 69% of Active Nodes

El Salvador’s cyber laws threaten media freedom and privacy, human rights experts warn

Electrica Group compromise pinned on Lynx ransomware gang

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Firefox ditches “Do Not Track” option after admitting that it didn’t work anyway

First responders are embracing AI amid cybersecurity concerns

For Russian spies, existing cybercrime tools become avenues into Ukrainian military devices

Freight forward: How to safeguard your business from phishing, smishing and quishing

Funksec ransomware gang allegedly targets pair of Aussie companies

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

Hacker Exploits Dogecoin Vulnerability, Crashes 69% of Network Nodes

Hacker Exploits Dogecoin Vulnerability, Crashes 69% Of Nodes - But DOGE Still Spikes 1.8%

Hacker Exploits Vulnerability in Dogecoin: What’s the Big Deal?

Hacker Exposes $DOGE Flaw, Puts the Network at Risk

Half a million medical patients just had their addresses, dates of birth, SSNs and more stolen by hackers — how to stay safe

Has Arun Estates suffered a cyber attack?

Insurance Worker Sentenced After Illegally Accessing Claimants’ Data

Is Dogecoin at Risk? Hacker Revealed Critical Vulnerability

Japanese publisher Kadokawa paid $3 million to Russia-linked hacker group after cyberattack

Japanese publisher paid $3 million to hacker group after cyberattack

Krispy Kreme cybersecurity incident disrupts online ordering

Krispy Kreme Faces Cyberattack Disrupting Online Orders; Company Responds to Data Breach

Lookout Discovers New Spyware Deployed by Russia and China

Lynx Ransomware Targets Romanian Energy Supplier Electrica

Massive data breach exposes personal details of over 765,000 Senior Dating users

Massive data leak might have exposed locations of millions of Muslims online

More advanced Zloader malware variant emerges

National Cyber Security Centre (NCSC) Q3 2024 Report Highlights Surge in New Zealand Cyber Incidents

National Museum of the Royal Navy hit by cyber attack

New cyber scam campaign targets job seekers

New IOCONTROL malware used in critical infrastructure attacks

New Ransomware Strain Drives Rising Attack Levels

New stealthy Pumakit Linux rootkit malware spotted in the wild

New Windows Drive-By Security Attack - What You Need To Know

Operation PowerOFF took down 27 DDoS platforms across 15 countries

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

ParkMobile users in Michigan eligible for lawsuit settlement. Here's how to get your share

Phishing scams can be hard to spot

Police shuts down Rydox cybercrime market, arrests 3 admins

Pro-Russian and Pro-Palestinian Hacktivists Unite Against France

Professions That Are the Most Exposed to Cybersecurity Threats

Ransomware hitting South African economy hard

Ransomware impacts Ohio county’s emergency services

Remcos RAT Malware Evolves with New Techniques

Researchers bypass Microsoft’s MFA by simply guessing possible 6-digit codes

Researchers find security flaws in Skoda cars that may let hackers remotely track them

Researchers Uncover Symlink Exploit Allowing Transparency, Consent, and Control (TCC) Bypass in iOS and macOS

Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor

Rutherford County Schools Investigates Network Disruption, Data Breach Claims

Scammers Exploit Fake Domains in Dubai Police Phishing Scams

Screen Actors Guild Health Plan sued after September data breach exposes healthcare info

Security Flaws in WordPress Woffice Theme Prompts Urgent Update

Spain busts voice phishing ring for defrauding 10,000 bank customers

Telecom providers smear new Federal Communications Commission (FCC) data breach rule as old hat

Texas adds data broker specializing in driver behavior to list of alleged privacy law violators

The Growing Importance of Secure Crypto Payment Gateways

Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge

Top Android apps vulnerable to reverse engineering tool Frida

Tracking Ransomware’s 35 Year Evolution

Treasury sanctions Chinese cybersecurity company over 2020 cyber attack

Trust exploited in widespread ongoing phishing operation

US Bitcoin ATM operator reports data breach of 58K customers

US Imposing Sanctions On Chinese Companies On Potentially Deadly Ransomware Attacks

US offers $5 million for info on North Korean IT worker farms

US Sanctions Chinese Cybersecurity Firm for Firewall Exploit, Ransomware Attacks

US Sanctions Chinese Firm Over 2020 Cyber Attack

US Sanctions Member of China's Cyber Hacker Army

Using Simulated Phishing Attacks to Turn Your Employees into Security Assets

We must adjust expectations for the CISO role

What's Up With All The Oddly Personal Phishing Texts?

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

11th December

Alleged Cyberattack on Danish Police Website Disrupts Services

Alleged Data Breach at MRG School Exposes User Information

Alleged Data Breach at SDA.edu.pe Exposes Sensitive User Information

Alleged Data Breach at Standard Capital Securities Exposes Back-Office Data

Alleged Data Breach Exposes Driver’s License Numbers and SSNs in the U.S.

Alleged Data Breach Exposes High Net Worth Individual (HNI) Information in Delhi NCR

Alleged Data Breach Exposes Sensitive Information About Israeli Government Officials

Alleged Data Breach in Ecuador Exposes Sensitive Company Log Data

Alleged Leak of 10 Million URL Login Credentials Raises Security Concerns

AMD Chip VM Memory Protections Broken by BadRAM

America’s favorite doughnut chain disrupted by cyberattack

AuthQuake Flaw Allowed MFA Bypass Across Azure, Office 365 Accounts

BadRAM: $10 hack unlocks AMD encrypted memory

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug

Chinese provincial security teams used spyware to collect texts, audio recordings

Containers have 600+ vulnerabilities on average

Crypto scammers target victims via fake Telegram groups

Cyber Incident Disrupting Krispy Kreme Online Orders

Deloitte UK denies ransomware attack compromised over 1TB of data

Dozens of popular DDoS sites raided ahead of potential Christmas attacks

From Vulnerable to Resilient: Cutting Ransomware Risk with Proactive Attack Surface Management

Getting Better: Evolving Practices in API Security

Global Ongoing Phishing Campaign Targets Employees Across 12 Industries

Hackers target bigger game in their hunt for profits

Head Mare Targets Russian Orgs with Hidden LNK Files, Ransomware

Hunk Companion WordPress plugin exploited to install vulnerable plugins

Intrusions leveraging widespread Cleo zero-day underway

Iran's latest threat to Israel: 72-hour countdown to cyber attack

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Kaspersky warns of phishing scams using Telegram Premium

Krispy Kreme Cyber Attack Disrupted Online Ordering in the US

Krispy Kreme cyberattack impacts online orders and operations

Krispy Kreme discloses cyberattack that is disrupting online orders

Lynx ransomware behind Electrica energy supplier cyberattack

Microsoft Azure MFA Flaw Allowed Easy Access Bypass

Microsoft December Patch Tuesday 2024: 71 Vulnerabilities Addressed, Including Critical Zero-Day Flaws

Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Mozilla removes ‘Do Not Track’ from Firefox because it was useless

New DCOM Attack Exploits Windows Installer for Backdoor Access

New EagleMsgSpy Android spyware used by Chinese police, researchers say

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

New York Attorney General and New York Department of Financial Services (NYDFS) Announce $11.3 Million Data Breach Settlement with GEICO and Travelers

Newly passed Take It Down Act will make posting deepfake revenge porn a federal crime

North Korean hackers behind $50 million crypto heist of Radiant Capital

Oasis Security Details MFA Security Flaw Found in Microsoft Cloud Services

Online ordering at Krispy Kreme disrupted by cyberattack

Open source malware up 200% since 2023

Operation PowerOFF: 27 DDoS platforms taken down just before the holidays

Operation PowerOFF shuts down 27 DDoS-for-hire platforms

Operation PowerOFF Takes Down DDoS Boosters

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

People don’t care about data breaches, but they should

Ransomware Hackers Exploiting Cleo Software Zero-Day

Researchers uncover Chinese spyware used to target Android devices

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

Russia claims to bust global scam network linked to Georgian ex-defense minister

Russian cyber spies hide behind other hackers to target Ukraine

Russian government spies targeted Ukraine using tools developed by cybercriminals

Rutherford County Schools confirms hacker claims to have employee data: 'Investigation is ongoing'

Sabre confirms employee data exposed in ransomware attack; information appears on Dark Web

Sabre Sends Data Breach Letter to Employees Announcing Leaked SSNs and More

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

Secret Blizzard Targets Ukrainian Military with Custom Malware

Security arteries burst: 446K exposed in vein treatment center breach

Snowflake Pledges to Make MFA Mandatory

Sophisticated Scam Targets UAE Residents with Fake Police Fines

South Korea Takes Down Fraudulent Online Trading Network Used to Extort $6.3M

Teen hacker charged in Scattered Spider attacks

Termite ransomware group claims a major cyber attack on Blue Yonder

This phishing scam uses text messages pretending to be USPS with a delivery

Top 5 sectors targeted with subject customization techniques

Toronto Public Library concludes cyberattack investigation, reveals data breach impact

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack

US Sanctions Chinese Firm at Center of Global Firewall Hack

Zero Day in Cleo File Transfer Software Exploited En Masse

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

10th December

3AM Ransomware: What You Need To Know

82% of security leaders say AI may raise toxic combination challenges

After the fraud comes the fine, as Maynooth University hit for €40,000 following data breach

AI helping to engineer attacks against crypto users with fake meeting app

Alleged Data Breach at BestMebelShop Exposes Sensitive Customer Information

Alleged Data Breach at Biocrux.co.in Exposes Sensitive User Information

Alleged Data Breach at DUKCAPIL Madiun Exposes Sensitive Citizen Information

Alleged Data Breach at Empowerers.co Exposes Sensitive Information

Alleged Data Breach at Freeform.com Exposes Sensitive User Information

Alleged Data Breach at Plomienswiec.pl Exposes Sensitive User Information

Alleged Data Breach at Purity Formation Exposes Sensitive User Information

Alleged Data Breach Exposes Comprehensive Cars Database in Lebanon

Alleged Leak of 2019 U.S. Driver’s License Data Raises Privacy Concerns

Alleged Leak of Accounts from Instagram, Epic Games, and TikTok Raises Privacy Concerns

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)

BadRAM: $10 security flaw in AMD could allow hackers to access cloud computing secrets

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware

Blue Yonder investigates ransomware attack as Termite claims responsibility

Breach of booking giant Sabre exposes tens of thousands

CERT-UA Warns of Phishing Attacks Targeting Ukraine's Defense and Security Force

Chinese hackers use Visual Studio Code tunnels for remote access

Cleo File Transfer Vulnerability Under Active Exploitation – Urgent Updates Required

Cloudflare: 6.5% of global traffic, 4.3% of emails potentially malicious

Court Ruling Provides Clarity on Appeals Against ICO Fines

CVE-2024-11205: WPForms Plugin Vulnerability Exposes 6 Million WordPress Sites to Financial Risk

Cybersecurity News Round-Up 2024: 10 Biggest Stories That Dominated the Year

Defunct pharmacy loses fresh £90k data breach appeal

Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability

EU Cyber Resilience Act: What You Need to Know

EU cybersecurity rules for smart devices enter into force

Europol and Law Enforcement Crack Down on Multimillion-Euro Phishing Gang

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

French internet operator fined $53 million for unsolicited ads and tracking users without consent

Funko and BrandShield Deny Causing Itch.io Phishing Claim Shutdown

Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again

Hackers Exploit Misconfigurations in Public Websites With Improperly Exposed AWS Credentials

Hackers Target Job Seekers with AppLite Trojan Using Fake Job Emails

Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

Heart Device Maker Artivion Suffers Ransomware Breach

Heart surgery device maker's security bypassed, data encrypted and stolen

Ivanti warns of maximum severity CSA auth bypass vulnerability

Investigation into cyber attack at Pembina Trails School Division continues

Is Your QNAP NAS Secure? Critical Patches Released for Major Vulnerabilities

Major Drop in Cyber-Attack Reports from Large UK Financial Businesses

Medical Device Manufacturer Artivion Discloses Cyberattack Impacting Systems and Operations

Mexican fintech startup Kapital leaves client IDs and selfies leaking for months

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

Microsoft fixes exploited zero-day (CVE-2024-49138)

Multiple Cleo file transfer products being exploited by hackers

New AppLite Malware Targets Banking Apps in Phishing Campaign

New guidance on ransomware-resistant backups

New Cleo zero-day RCE flaw exploited in data theft attacks

Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands

Preventing data leakage in low-node/no-code environments

Ransomware attack hits data centre, around 16 brokers likely affected

Ransomware Disrupts Operations at Leading Heart Surgery Device Maker

Researchers bypass iPhone security controls to access sensitive data

Romanian energy supplier struck in ransomware attack in latest cybercrime assault

Scottish Parliament TV at Risk of Deepfake Attacks

Senators want to block data brokers from selling health and location data

ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket

Strengthening security posture with comprehensive cybersecurity assessments

Termite Ransomware Attack on Blue Yonder: What You Need to Know

Termite ransomware gang claims it carried out Blue Yonder attack

Thousands of children exposed in major data breach — including names, addresses and social security numbers

UK: Three organisations targeted by cyber attack

US sanctions Chinese cyber firm for compromising ‘thousands’ of firewalls in 2020

US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks

US sanctions Chinese firm for hacking firewalls in ransomware attacks

US sanctions Chinese firm over potentially deadly ransomware attack

Utility Companies Face 42% Surge in Ransomware Attacks

WPForms bug allows Stripe refunds on millions of WordPress sites

You’ve been hit with ransomware. Think twice before you pay

9th December

8Base hacked port operating company Luka Rijeka

2023 Anna Jaques Hospital data breach impacted over 310,000 people

316,000 patients affected in Anna Jacques Hospital cyber attack

AI-Generated Phishing Report Pulls Indie Game Site Itch.io Offline

Alleged Data Breach at Amazon.com Exposes Sensitive User Information

Alleged Data Breach at Hotels.co.il Exposes Sensitive Customer Information

Alleged Data Breach at RemoteStaff.com.au Exposes 128,000 User Records

Alleged Data Breach at TourPay App Exposes Sensitive Information of 140,000 Users

Alleged Data Breach at TravelSale.com.ar Exposes Sensitive Customer Information

Alleged Data Breach at Universidad Peruana de Ciencias Aplicadas (UPC) Exposes Sensitive Information

Alleged Data Breach at Walae-cristal.com Exposes Sensitive User Information

Alleged Data Breach Exposes Citizen Database of Lima Puluh Kota Regency

Alleged Leak of 40GB of Logs Exposes Sensitive Information

Alleged Scattered Spider hacker arrested, indicted

Anna Jaques Hospital data breach exposes information of over 310,000 patients following ransomware attack

Anna Jaques Hospital Data Breach Impacts 316,000 People

Anna Jacques Hospital Ransomware Breach Hits 316K Patients

API Attacks Surge 3000%: Why Cybersecurity Needs to Evolve in 2025

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Blue Yonder investigating data leak claim following ransomware attack

Blue Yonder investigating data theft claims after ransomware gang takes credit for cyberattack

Blue Yonder Probing Data Theft Claims After Ransomware Gang Takes Credit for Attack

"Bogus phishing report" from Funko takes indie game platform itch.io offline

Businesses plagued by constant stream of malicious emails

CERT-In Reports Security Flaw in Tinxy App: Upgrade Now to Stay Safe

Cheap Domains Driving Phishing Attacks: A Growing Threat to Online Security

Cipla Allegedly Hacked, Akira Ransomware Claims 70GB Data Stolen

Compromised AI Library Delivers Cryptocurrency Miner via PyPI

Critical Windows Zero-Day Alert: No Patch Available Yet for Users

Croatian port claimed to be breached by 8Base ransomware

Cyber-security leaders feel the strain of stress

Cyberattacks on Indian Government Jump 138% in Four Years

Cybercrime gang arrested after turning Airbnbs into fraud centers

Dark Web Profile: Ymir Ransomware

Datavant data breach impacts 11,000, including minors

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Deloitte Responds After Ransomware Group Claims Data Theft

Deloitte responds to ransomware claims, says one client system involved

Electrica Group reports ongoing cyber attack

European Police Disrupt Phone Phishing Gang with Arrests

Experts say Chinese hacking campaign underscores value of mobile data

Federal Trade Commission (FTC) orders Marriott to implement information security program

From deepfakes to ransomware: The key trends which will shape IT security in 2025

From threat to shield: the future of the AI battlefield

Funko Pop Company Takes Down Indie Game Platform Itch.io With AI Report

Hacker group UAC-0185 attempts to attack Ukrainian defense enterprises

Hackers attacked Ukrainian defense enterprises

Hackers target Ukraine’s defence sector in new campaign

Hong Kong: Privacy Commissioner confirms data breach affecting 17,000 individuals by Electrical and Mechanical Services Department

How to Select Effective Security Controls

India Tops Global List for Mobile Malware Attacks

Indie game marketplace Itch.io goes down as it claims Funko Pop company used "AI-powered" brand protection to create "some bogus phishing report"

Indie Game Platform Itch.io Says Its Domain Was Nuked Due to ‘Trash AI-Powered’ Phishing Report

Indie games site Itch.io temporarily taken down by Funko, due to 'AI-powered' brand protection company that 'created some bogus phishing report'

Indie gaming platform itch.io temporarily unavailable: how artificial intelligence caused the entire site to shut down

Indie Marketplace Itch.io Taken Offline Due To "Bogus Phishing Report" From Funko

Indie RPG/Gaming Site Itch.io Taken Down By Funko and AI Brand-Protection Software

Itch.io Allegedly Taken Offline By "Bogus Phishing Report" From Funko

Itch.io back online after temporarily takedown by "bogus phishing report" from Funko

Itch.io falls prey to 'trash AI' as 'bogus' phishing claim darkens site for hours

Itch.io goes offline following reports of phishing by Funko

Itch.io marketplace goes offline after alleged phishing report by Funko

Itch.io platform briefly goes down to “AI-driven” anti-phishing report

Itch.io says it was taken down by Funko

Itch.io Taken Offline for Several Hours Over "Bogus" Funko Phishing Claim

Itch.io Website Allegedly Taken Down by Funko

Itch.io went offline due to a ‘trash AI-powered’ phishing report

Key electricity distributor in Romania warns of ‘cyber attack in progress’

Major hospital ransomware breach exposed data of 300,000 patients

Malware at work: are your bad habits to blame?

Mandiant devised a technique to bypass browser isolation using QR codes

Matrix hacker operates a DDoS botnet operation affecting countries

Mauri Ransomware Exploiting Apache ActiveMQ Vulnerability

Maximizing SAP Security: How AI and Human Intervention Work

Medical device company says shipping processes disrupted by ransomware attack

Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack

New cyber attack against defense enterprises and the military: hackers send phishing emails on behalf of the Ukrainian Union of Industrialists and Entrepreneurs

New ransomware gang claims Blue Yonder cyber attack

New ‘Termite’ ransomware group claims responsibility for Blue Yonder cyberattack

New York Attorney General secures $550K settlement with health care operator over massive data breach

North Tyneside Council Apologises for Sensitive Data Breach

One email to expose them all: single user breach exposes data of 11K children

OpenWrt Sysupgrade flaw let hackers push malicious firmware images

Over 585K compromised in Atrium Health breach

Password reuse and the problems that come with it

Phishers Impersonating Police Arrested in Multi-Million Euro Scam

Phishing Scam Targets Ukrainian Defense Companies

Public Reprimands, an Effective Deterrent Against Data Breaches

Quantum Computing: An Impending Threat to the Current Public Key Infrastructure (PKI) Systems

Radiant Capital Suffers $50M DeFi Hack Tied to North Korean Hacker Group

Radiant links $50 million crypto heist to North Korean hackers

Ransomware attack hits leading heart surgery device maker

Ransomware attack on Electrica

Ransomware impacts more than 310K Anna Jacques Hospital patients

Ransomware risk rises during holidays, warns Semperis

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Romanian energy supplier Electrica hit by ransomware attack

Russian hacktivists increasingly attacking US water and energy, researchers warn

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

Starbucks, BIC must brace for Blue Yonder hack fallout

Suspected Russian hackers target Ukrainian defense enterprises in new espionage campaign

Termite ransomware gang claims responsibility for Blue Yonder cyber attack

The Persistent Ransomware Threat: 2024 Trends And High-Profile Attacks

The Role of USB Security in Combating Insider Threats

Toshiba Global Commerce Solutions reports data breach impacting consumer information

UK hospital Alder Hey Children’s NHS Foundation Trust confirms INC Ransom cyber attack

UK urged to prioritise reform against cyber attack risks

Ukraine says Russian hackers are targeting country’s defense contractors

Ultralytics AI Library with 60 Million Downloads Compromised for Cryptomining

Unmasking Termite, the Ransomware Gang Claiming the Blue Yonder Attack

Unpatched vulnerabilities: The powder keg fueling ransomware attacks

US medical device giant Artivion says hackers stole files during cybersecurity incident

US subsidiaries of Japanese water treatment company, green tea maker hit with ransomware

WhatsApp fixes bug that let users bypass ‘View Once’ privacy feature

When Should Enterprises Use Application Security or Application Security Posture Management?

Who handles what? Common misconceptions about SaaS security responsibilities