Editor's Message

Welcome to DBD. 2024 was a tough year for me personally, and I'd like to thank every one of you who has supported me - you have been my light in times of darkness. 2024 saw the highest number of ransomware attacks on record, and there's no sign of these attacks slowing down as we head into the new year. Ransomware is a BIG problem that is NOT going away anytime soon, and this year could be just as catastrophic, if not worse, as cyber criminals continue to extort their victims with very little chance of being brought to justice. Wishing you all the very best for 2025. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington DC



Monday, 13 January 2025

Data Breaches Digest - Week 3 2025

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th January and 19th January 2025.


19th January

Blacon High School closed Monday and Tuesday following ransomware attack

Blacon High School forced to close after 'ransomware attack'

Hackers Claim Breach of Hewlett Packard Enterprise, Lists Data for Sale

Keewatin-Patricia District School Board responds to PowerSchool data breach

Star Blizzard hackers abuse WhatsApp to target high-value diplomats

The world’s first ransomware appeared 35 years ago — it was distributed on 5.25″ floppy disks

18th January

Department of Justice (DOJ) confirms arrested US Army soldier is linked to AT&T and Verizon hacks

Federal Trade Commission (FTC) orders General Motors (GM) to stop collecting and selling driver’s data

FlowerStorm “Phishing-as-a-Service” Attacking Microsoft Users With Fake Login Pages

Hong Kong Database Leak Raises Privacy Concerns

How victims of PowerSchool’s data breach helped each other investigate ‘massive’ hack

Information Commissioner’s Office (ICO) Confirms it’s Still Investigating Lyca Mobile UK’s 2023 Data Breach

Massive Leak of Online Loan User Data Raises Alarms

Minecraft Event Documents Leak Raises Data Security Concerns

NeutralPosture.com Data Breach Sparks Privacy Concerns

Online Loan Platform Data Leak Sparks Privacy Concerns

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon

17th January

61,000 Texans exposed to possible fraud amid data breach by state agency employees

380,000 customer medical records exposed by California cannabis chain breach

AT&T hack exposes agents’ call logs leaving FBI scrambling

Balancing usability and security in the fight against identity-based attacks

Belgium holds first trial of Russians for cybercrimes

Biotech Firm Settles Class Action Over Ransomware Attack for $7.5 Million

Blue Yonder investigating Clop ransomware threat linked to exploited Cleo CVEs

California Wildfires Spark Phishing Scams Exploiting Chaos

Canada: Northwest Territories (NWT) school boards hit by massive data breach, territory confirms

Canada: Several school boards in NWT hit by data breach

Change Healthcare Class Action Lawsuit Filed Over Data Breach That Allowed Hackers To Access Medical Information of 120M Patients

Chemeketa employees hit by retirement plan data breach

CISA warns of exploited Fortinet bugs as Microsoft issues its biggest Patch Tuesday in years

Costa Rica refinery cyberattack was first deployment for new US response program, ambassador says

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cyber pros skeptical of Biden’s last-minute cybersecurity executive order

Cybercriminals capitalize on LA wildfire chaos via fake GoFundMe’s and crypto coins

Data breach by Texas Health and Human Services employees affected 61,000 people

Data breach exposes 61,000 Texans after state employees improperly access info

Data breach hits company managing retirement for some Oregon school staff

Delaware’s Multistate Tax, Inc. Files Official Notice of Data Breach

Digital Operational Resilience Act (DORA) Takes Effect: Financial Firms Still Navigating Compliance Headwinds

Eindhoven University of Technology yet to recover from last week's cyber attack

EU Action Plan to Tackle Ransomware in Hospitals Lacks New Funding

EU takes decisive action on healthcare cybersecurity

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Europol-led operation is going after criminals’ wallets

Federal Communications Commission (FCC) orders telecoms to secure their networks after Salt Tyhpoon hacks

Federal Trade Commission (FTC) hands General Motors (GM) a 5-year ban on selling sensitive driver info to data brokers

General Motors (GM) banned from sharing driving and location data with insurance companies

Get Texas Supplemental Nutrition Assistance Program (SNAP) benefits? Your information could be part of data breach. Here's what to do

Gezonderwinkelen.nl Faces Data Security Concerns After Reported Breach

Google Ads phishing scams target ad buyers

Hewlett Packard Enterprise (HPE) Data Reportedly Offered for Sale on Illicit Platforms

Homeowners are clueless about how smart devices collect their data

How Russian hackers went after NGOs’ WhatsApp accounts

Juneau student, school staff information may have been compromised in national data breach

KLSERVICE Shop Data Breach Reported in the USA

Lazarus Group Targets Developers in New Data Theft Campaign

Learning from 2024: An Unprecedented Exploitation of Remote Access Technologies

LinkedIn Job Scams Are the Latest Cyber Threat – Don’t Fall for Fake Recruiters

Malicious PyPi package steals Discord auth tokens from developers

Malware stole internal PowerSchool passwords from engineer’s hacked computer

Mortgage Investors Group Investigates Recent Data Breach Following Apparent Cyberattack

Mortgage Investors Group says cyber attack compromised customers' personal information

Multiple Oregon school districts hit by Carruth data breach

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

No answers to when Wexford County will return to normal after November ransomware attack

NOYB Files GDPR Complaints Against TikTok and Five Chinese Tech Giants

Otelier data breach exposes info, hotel reservations of millions

Pachuca Hidalgo IT Department Faces Potential Data Breach

Pedro Paulet Educational Institution Faces Data Breach Concerns

Personal data stolen as council struck by cyber attack

‘Phantom Hacker’ Drains $20,000 From Bank of America Account – Now the Bank Refuses To Reimburse

'PowerSchool' hit by cyber attack

Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

Ransomware Gangs Claimed More Than 5,000 Attacks in 2024

Researchers Warn of NTLMv1 Bypass in Active Directory Policy

Russian couple on trial for large-scale ransomware attacks

Russian Star Blizzard hackers exploit WhatsApp accounts to spy on nonprofits aiding Ukraine

Sanctions Imposed Amid Chinese Cyber Espionage Allegations

Scary Google Ads Phishing Scam

Scholastic investigates reports of cyber attack

Sensitive Data Exposure Reported at NetSe.in

‘Sneaky Log’ phishing kits slip by Microsoft 365 accounts

South Carolina Department of Education (SCDE) responds to PowerSchool data breach impacting South Carolina schools

Star Blizzard Targets WhatsApp in New Campaign

Summit County student, staff information may have been compromised in data breach

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment

The Good, the Bad, and the Politics of Biden’s Cybersecurity Order

The Great Cannabis Hack - 380,000 Pot Users Impacted By Attack

The Netherlands: Another cyber attack against higher education contained

The QR code you got via WhatsApp hides a dark Russian secret

Treasury sanctions Salt Typhoon hacking group behind breaches of major US telecom firms

Trojanized images leveraged in separate malware campaigns

Twitter User Data Breach Raises Privacy Concerns

Two East Tennessee school districts affected by international data breach

U.S. cannabis supplier Stiiizy says data breach impacted over 380,000 customers

U.S. Sanctions North Korean IT Worker Network Supporting Weapons of Mass Destruction (WMD) Programs

U.S. Treasury Sanctions Singaporean Hacker Over Major Telecom Breach

UAE Cyber Security Council announces successful countering of ransomware attacks, identification of hackers

UAE thwarts nearly 200,000 daily ransomware attacks, identifies hackers

UK Home Office to ban government and critical infrastructure entities from making ransomware payments

UN Aviation Agency International Civil Aviation Organization (ICAO) Suffers Data Breach Impacting Nearly 12,000 People

US sanctions China-linked hacker Yin Kecheng over Treasury breach

US sanctions Chinese firm, hacker behind telecom and Treasury hacks

US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches

US sanctions hacker and company allegedly behind Treasury and telecom breaches

US to Ban Chinese and Russian Connected Car Technologies Over Security Risks

US Treasury Department imposes sanctions on Chinese company over Salt Typhoon hack

WazirX Freezes $3M in USDT in Cyber Attack Aftermath

What Does BlackBerry's Data Say About Cyberattacks in 2024?

What’s the real scope of crypto crime? Depends on who you ask

WhatsApp Accounts of Government Ministers Not Spared From Russian Hackers Thru Fake Email Invitation

WhatsApp spear phishing campaign uses QR codes to add device

Wolf Haldenstein Data Breach Impacts 3.4 Million People

Wolf Haldenstein reports data breach affecting 3.4M people

16th January

2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records

Accelerated BlackBasta-like email attack examined

American cycling clothing brand hit by ransomware attack

Biden Cybersecurity Order Lays Out Ambitious Plan for Government Security

Biden signs executive order to bolster national cybersecurity

Biden Tightens Software Supply Chain Security Requirements Ahead of Trump Takeover

Biotech firm settles class action lawsuit over ransomware attack for $7.5 million

Black Basta Rapid-Fire Attack Blasted 1,165 Emails at 22 Target Mailboxes in 90 Minutes

California Wildfire Exploited By Hackers To Launch Phishing Attacks

Change Healthcare Ransomware Attack: Data Review “Substantially Complete”

City of West Haven takes IT systems offline following a major cyber attack

Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches

Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches

Clop Ransomware Gang Threatens Cleo Users With Data Exposure

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?

Critical SimpleHelp vulnerabilities fixed, update your server instances!

Critical vulnerabilities remain unresolved due to prioritization gaps

Crypto Phishing on Telegram Surged 2,000% Since November 2024

Cyber attack on Conad: Lynx group claims theft of confidential data and demands ransom in crypto

Cybercriminals Impersonate Google Ads in Promoted Results to Exploit Advertiser Accounts

Digital Operational Resilience Act (DORA) Compliance Costs Soar Past €1m for Many UK and EU Businesses

Enzo Biochem Agrees to Settlement in Class Action Suit Related to Ransomware Attack

EU Steps Up Cyber Defense with Action Plan to Protect Critical Healthcare Infrastructure

EU To Launch New Support Centre by 2026 to Boost Healthcare Cybersecurity

Eyewear Wholesaler Data Breach Sparks Privacy Concerns

Federal Trade Commission (FTC) orders GoDaddy to fix poor web hosting security practices

Federal Trade Commission (FTC) scolds GoDaddy for neglecting basic cybersecurity

Federal Trade Commission (FTC) updates closely watched children’s online privacy rule

Florida State Database Breach Sparks Public Data Security Concerns

FunkSec Ransomware Dominating Ransomware Attacks, Compromised 85 Victims in December

GDPR complaints filed against TikTok, Temu for sending user data to China

GoDaddy Accused of Serious Security Failings by Federal Trade Commission (FTC)

Google OAuth flaw exposes millions to data breach risk

Google ‘Perpetual Hack’ Attack Steals Passwords And 2FA - Act Now

Google Search ads are being hacked to steal account info

Gravy Analytics Data Breach Sparks Privacy Concerns in the United States

Hackers Abusing Teams Chat For Remote Session And To Drop Black Basta Malware

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Hackers Target Google Ad Accounts - With Google Ad Phishing Scams

Hackers Use Image-Based Malware and GenAI to Evade Email Security

How CISOs can elevate cybersecurity in boardroom discussions

Huge “zombie” MikroTik router botnet spreads malware and obscures Russian hackers

Illicit crypto volumes grow

Jia Bo Sports Betting Platform Faces Potential Data Breach in China

July ransomware attack on OneBlood resulted in data heist

Liberty Public Schools notifies families of data breach to student information system

Major leak exposes 1.5 billion Weibo, DiDi, Shanghai Communist Party, and others’ records

Massive Data Breach Exposes Over 1 Million U.S. Personal Records

MetLife Data Breach Raises Privacy Concerns in the United States

Negotiating with a hacker: how do you do it?

New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

New UEFI Secure Boot flaw exposes systems to bootkits, patch now

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

New Zealand law firm Bell & Graham confirms ransomware attack

North Carolina schools may have had information exposed as part of data breach

Northborough-Southborough Public Schools (NSBORO) posts details on the PowerSchool data breach

One in ten AI prompts puts sensitive data at risk

Path of Exile 2 Confirms Data Breach

Path of Exile 2 Reveals Data Breach of Confidential Data

Personal data compromised in Gateshead Council cyber attack

Personal data stolen in cyber-attack on council

Phishers use malicious Google Ads to target advertisers globally

Purina Dog Food User Data Breach Sparks Privacy Concerns in Colombia

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Ransomware attack impacts over 61K Avery customers

Ransomware exposed more than 166 million records in 2024 in the U.S., research finds

Ransomware incidents increased by 11% in 2024, says Check Point

Ransomware sanctions, software security among key points in new Biden executive order

Ransomware victim numbers hit an all-time high

Ransomware victims and threat groups have reached an ‘all-time high’

Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups

Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign

Scammers Exploit California Wildfires, Posing as Fire Relief Services

Suspicious cyber activity addressed by University of Oklahoma amid Fog ransomware claims

Taking the ‘ransom’ out of ‘ransomware’ is a dangerous, possibly brilliant, idea

Telegram malware crypto scams rampant over traditional phishing

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

The current state of ransomware: Weaponizing disclosure rules and more

TikTok, Xiaomi, and other Chinese tech firms hit by EU privacy complaints

Trump’s Truth Social Users Targeted by Rampant Scams Online

UK mulls ransomware payment ban for public services

UK’s porn age checks to arrive in July, raising fears over security and privacy

Upper Canada District School Board (UCDSB) cyber attack not related to PowerSchool hack

Upper Canada District School Board (UCDSB) provides more details on “cyber attack” that has impacted area schools

US cracks down on North Korean IT worker army with more sanctions

US issues sanctions against companies in Laos, China tied to North Korean IT worker scheme

W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks

Wolf Haldenstein law firm says 3.5 million impacted by data breach

15th January

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

5 Emerging AI Threats Australian Cyber Pros Must Watch in 2025

$675K Morrison Community Hospital data breach class action settlement

A Warning For Millions Of iPhone Users: Beware Of This Text Phishing Scam

AI email guardian hamstrung by powerful QR code and CAPTCHA combo cyberattack

Alliance Public Schools Reports Data Breach

Amazon Web Services (AWS) S3 Buckets Under Siege: New Ransomware Exploits SSE-C

BayMark Health Services says cyber attack compromised staff and patients' data

Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes

Bridgewater-Raritan school software provider targeted in global cyberattack

Canada: N.B. Liquor woes show hallmarks of ransomware attack, cyber expert says

Catholic school board impacted by data breach

Change This Setting to Avoid This Google Calendar Spoofing Attack

Chinese PlugX Malware Deleted in Global Law Enforcement Operation

Chrome 132 - Update Now Warning Issued To All Google Browser Users

CISA Launches AI Cybersecurity Playbook to Strengthen Collective Defense

CISA Launches Playbook to Boost AI Cybersecurity Collaboration

CISO responsibility is expanding beyond cybersecurity

Cl0p ransom gang says ‘contact us’ or we'll publish data of 59 Cleo victims

Cl0p Ransomware Group Releases List of Victims Compromised Using Cleo Vulnerability

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

Cyberattack disclosed by Mortgage Investors Group after Black Basta claims

Cybersecurity Experts Urge Parents to Stay Alert After PowerSchool Data Breach

Cybersecurity Incident Targets San Nicolás, Nuevo León

Cybersecurity is stepping into a new era of complexity

Cyberstorm rising: China’s aggressive hacking on Taiwan’s infrastructure doubled in 2024

Dare County Schools provides update on recent online data breach

E-Benefit Solution Notifies Consumers of Recent Data Breach

Enhancing Health Care Cybersecurity: Bridging HIPAA Gaps with Innovation

EU unveils plans to tackle growing cyberattack threats on hospitals

Excelsior Orthopaedics says data breach compromised the data of 357,000 patients

Fake phishing alert sets security focused company on fire

FBI Confirms It Deleted Files From 4,258 U.S.-Based Computers

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

FBI Deletes PlugX Malware From Computers Infected by China Group

FBI removed PlugX malware from U.S. computers

FBI Removes PlugX Malware from 4,200 U.S. Computers in People’s Republic of China (PRC)-Linked Cyber Operation

Federal Trade Commission (FTC) cracks down on GoDaddy for cybersecurity failings

Fog Ransomware Group Claims University of Oklahoma Data Breach, Exfiltrates 91GB of Data

Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls

Fortinet Vulnerability Exploited: Patch Now to Prevent Super-Admin Breaches

Gateshead Council suffers cyber attack and personal data stolen

Gateshead Council suffers cyber attack and personal data stolen by criminals

Global Data Breach Exposes 1.27TB of Sensitive Information

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

Government plans total ban on public sector bodies making ransomware payments

Government to consult on plans to tackle cybercrime

Granite School District reassures residents after data breach letter sparks scam fears

Hackers are stealing Google Ads accounts to publish fake ads in a perpetual cycle

Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign – and they’ve already claimed two victims

Hackers boast of health workers visa data breach, sparking police probe

Hackers dupe 100 Massachusetts money managers, prompting payroll system shutdown

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers

Hackers use Google Search ads to steal Google Ads accounts

Home Office launches cyber crime protections for data centres

How Role-Based Identity Management Can Protect Against AD- And Entra ID-Related Risk

How scammers are tricking Apple iMessage users into disabling phishing protection

Illicit Crypto-Inflows Set to Top $51bn in a Year

Indiana University Health (IU Health) says patient data, Social Security numbers may have been exposed in data breach

KnowBe4 research confirms effective security awareness training significantly reduces data breaches

Label giant Avery says website hacked to steal credit cards

Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99

LuxTrust targeted by yet another cyber attack

Massive Data Breach Exposes Personal Information of 125,000 Egyptians

Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP

Microsoft Patches Eight Zero-Days to Start the Year

Microsoft patches three exploited Windows zero-days and critical Outlook vulnerabilities

MikroTik botnet uses misconfigured Sender Policy Framework (SPF) DNS records to spread malware

Ministers consider ban on ransomware payments for UK public bodies

Mortgage Investors Group Confirms Data Loss After Black Basta Claims

Multi-Cloud Adoption Surges Amid Rising Security Concerns

Nationwide Data Breach Affecting Multiple Long Island School Districts

Nationwide data breach affects Vermont student, staff information

New Amazon Ransomware Attack - ‘Recovery Impossible’ Without Payment

New Critical Microsoft Windows Warning As 3 Zero-Day Attacks Underway

New proposals to protect UK businesses from ransomware attacks

New UK Cybersecurity Proposals Aim to End Ransomware Payments in Public Sector

New York Amends Data Breach Notification Law to Enhance Notification Requirements, Expand Definition of ‘Private Information’

No new funding in EU plan to tackle ransomware attacks against hospitals

Nominet subject of a data breach via the Ivanti zero-day flaw

North Carolina: Pitt County schools among several in the state impacted by data breach

North Korean crypto hackers have gotten so bad they forced an international warning

North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains

North Texas school districts warned after PowerSchool data breach exposes student information

Northern Firm Rallies 15,000 Clients in Groundbreaking Lawsuit Against Microsoft and Google Over Data Breach

OneBlood Notifies Individuals Affected by July 2024 Ransomware Attack

OneBlood reports data breach to state regulators after ransomware attack

Over 660,000 Rsync servers exposed to code execution attacks

Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Path of Exile 2 developer apologizes for breach where hacker accessed player accounts

Phishing campaign targeting iPhone users; Cyber Security Agency (CSA) warns against replying to unknown iMessage senders

Phobos Ransomware: A Persistent Threat to Healthcare and Beyond

PowerSchool breach FAQ: What to know about the data breach affecting North Carolina schools

PowerSchool data breach affects Cumberland County Schools

PowerSchool data breach exposed student Social Security numbers, grades

PowerSchool Data Breach Exposes Sensitive Records of Millions Nationwide

PowerSchool data breach prompts North Carolina schools to enhance cybersecurity measures

PowerSchool data breach impacted Washington students, staff

PowerSchool data breach impacts Lenoir County schools and beyond

PowerSchool data breach victims say hackers stole ‘all’ historical student and teacher data

Ransomware allegedly hits Indus Tower, hackers demand $500,000

Ransomware Leak Sites Suggest Attacks Reached Record High

Ridgefield, Connecticut, Schools Affected by Nationwide Data Breach

Rivers Casino Philadelphia Faces Proposed Class Actions as a Result of Data Breach

Room for error: European hotel chain exposes millions of guests' data

Rsync vulnerabilities allow remote code execution on servers, patch quickly

Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says

SAP fixes critical vulnerabilities in NetWeaver application servers

Secureworks Exposes North Korean Links to Fraudulent Crowdfunding

STIIIZY Data Breach Affects an Estimated 380,000

Strengthening Cybersecurity: New Protections for Data Centres

Suspected Ukrainian hackers impersonating Russian ministries to spy on industry

Telefónica breached via infostealer, social engineering

The Top 8 Countries Leading the Cyber Defense Race in 2025

Tycon Medical Systems Confirms Recent Breach Affected 112,847 Victims

UK Considers Banning Ransomware Payments

UK Consults on Measures to Tackle Ransomware Attacks

UK could ban ransomware payments by the public sector and critical infrastructure companies

UK Expands Ban for Ransomware Payments

UK Government considers banning public sector bodies from making ransomware payments

UK proposes ban on ransomware payments in critical sectors

UK proposes banning ransomware payments to deter cybercriminals

UnitedHealth hid its Change Healthcare data breach notice for months

University of Oklahoma isolates systems after ‘unusual activity’ on IT network

University of Rwanda Faces Major Data Breach Concerns

University of the West of Scotland (UWS) targeted by Russian cyber gang amid time of financial scarcity for Scottish universities

Upper Peninsula public schools hit hard with data breach

US, Japan and South Korea urge crypto industry to take action against North Korean hackers

'We are incredibly sorry': Path of Exile 2 devs apologise for data breach that saw 66 accounts snatched and personal info potentially stolen

Website Breach Reported for Ahmad Al Mutawa Platform in UAE

Welcome Hall Mission Data Breach Sparks Privacy Concerns

What Is The UK Government Doing About Ransomware?

Williamsport Area School District warns of possible data breach

World Economic Forum spotlights growing gap in cyber readiness

York police warn of surge in email phishing scams involving fake compromising photos

Your favourite apps like Candy Crush Saga and Tinder are spying on you

14th January

60 Million Students and Teachers Targeted in PowerSchool Data Breach

Allstate car insurer sued for tracking drivers without permission

Apple vulnerability discovered: your camera and data could be at risk

Australian Government Agencies Failing to Keep Up With Cyber Security Change

Blockchain in cybersecurity: opportunities and challenges

Breach of Lebanese Intelligence Database Sparks Security Concerns

Browser-Based Cyber-Threats Surge as Email Malware Declines

Calgary Public Library Announces Full Service Restoration After Data Breach

CISA Adds Second BeyondTrust Flaw to Known Exploited Vulnerabilities (KEV) Catalog Amid Active Attacks

Connecticut city of West Haven assessing impact of cyberattack

Critical Infrastructure Urged to Scrutinize Product Security During Procurement

Cybersecurity experts warn parents after PowerSchool data breach

Data breach impacts personal info of students in more than half of Tri-Cities schools

Department of Justice (DOJ) confirms FBI operation that mass-deleted Chinese malware from thousands of US computers

Department of Justice (DOJ) deletes China-linked PlugX malware off more than 4,200 US computers

Eindhoven University of Technology (TU/e) cyber attack: education and exams postponed for the week

EncompassCare Files Notice of Data Breach Affecting Consumers’ Social Security Numbers

Extensive Personal Data Leak Reported in France

FBI wipes Chinese PlugX malware from over 4,000 US computers

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)

Fortinet Under Cyber Attack: Zero-Day Vulnerability Suspected in FortiGate Firewalls

Fortinet warns of auth bypass zero-day exploited to hijack firewalls

Google OAuth flaw lets attackers gain access to abandoned accounts

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

Hackers are exploiting a new Fortinet firewall bug to breach company networks

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Hackers Using Fake YouTube Links to Steal Login Credentials

Major cannabis brand Stiiizy faces customer data breach

Malicious actors’ GenAI use has yet to match the hype

Malicious Kong Ingress Controller Image Found on DockerHub

Manchester Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data

Massive Data Leak Targets U.S. Mobile Homeowners

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

Microsoft January 2025 Patch Tuesday: 8 Zero-Days, 3 Actively Exploited

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

New Codefinger Ransomware Exploits AWS to Encrypt S3 Buckets

North Korea stole over $659M in crypto heists during 2024, deployed fake job seekers

PowerSchool data breach affects families from Lakeland area

Ransomware Campaign Targets Amazon S3 Buckets

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges

Russia's largest platform for state procurement hit by cyberattack from pro-Ukraine group

Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware

Sacramento-Area School District Waited Months to Disclose Data Breach

Sensitive Data Reportedly Exposed in Baghdad’s Al-Karkh Region

Software security awareness training is at an all-time low

Teacher social security numbers included in PowerSchool data breach impacting Carolinas, US

TechnoBoom User Database Leak Raises Privacy Concerns

Tennessee-based mortgage lender confirms December cyberattack

UK bans public sector from paying ransomware hackers

UK Considers Ban on Ransomware Payments by Public Bodies

UK plans to ban public sector organizations from paying ransomware hackers

UK Registry Nominet Breached Via Ivanti Zero-Day

Under Discussion: UK Mandatory Ransomware Incident Reporting

US government says North Korea stole over $659 million in crypto last year

What 2024 taught us about security vulnerabilties

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

13th January

3 Russians Indicted for Operating Blender.io and Sinbad.io Crypto Mixers

4.2 million impacted by Scholastic data beach

7 Million OpenSea Emails Exposed: Crypto Community on High Alert for Phishing Threats

250,000 Danish Consumer Records Exposed in Data Breach

A breach of Gravy Analytics’ huge trove of location data threatens the privacy of millions

AI revolutionizes phishing attacks, enables use of deepfake

AI-assisted Ransomware Group Claims 85 Victims in December

Ako Ransomware Abusing Windows API Calls To Detect Infected System Locations

Alert: Hackers Are Tricking iMessage Users Into Enabling Phishing Links

Alleged Blender, Sinbad cryptomixer operators arrested, indicted

Alleged Top Ransomware FunkSec Operators Appear to Develop Malware Using AI Help

Allstate abused driving data of 45 million Americans, new lawsuit claims

Apple iMessage Phishing Campaign Ask Users to Disable Built-in Protection by Replying to Texts

Attackers are encrypting AWS S3 data without using ransomware

CISA orders agencies to patch BeyondTrust bug exploited in attacks

Clicks on phishing links in the workplace almost tripled in 2024

‘Codefinger’ hackers encrypting Amazon cloud storage buckets

Crypto industry alarmed as 7 million OpenSea email users’ leak resurfaces

‘Crypto’ crime surged in 2024; billions stolen in phishing

Cyber Attack Hits Renowned University, Classes Suspended

Cyber chaos 2025: Why AI and deepfakes are pushing security to the brink

Cyberattack forces Dutch university to cancel lectures

Cybersecurity researchers discover malware targeting macOS users

Data breach compromises STIIIZY customers’ data

Data Breach For Both Golden Hills And Christ The Redeemer School Divisions

Dutch chipmaking giant ASML’s key feeder university, located just 5 miles away, suspends lessons after cyber attack

Dutch University shuts down network after cyber attack

Eindhoven University hit by cyber attack, perpetrators unknown

Eindhoven University of Technology (TU/e) cyber attack amid tensions around semiconductors

Eindhoven University shut on Tuesday after cyber attack

Employees clicked phishing links more often in 2024

EU law enforcement training agency data breach: Data of 97,000 individuals compromised

Everest ransomware gang lists Aussie company Evidn as a victim

Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems

Extensive Indian Property Database Reportedly Leaked

Four Years of CISA: A Policy Review of U.S. Cybersecurity and Infrastructure Security

Furry Hacker Breaches Scholastic – Exposes Data of 8 Million People

Guardian.com Data Breach Exposes Millions of User Records

Hacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of Characters

Hackers behind the TU Eindhoven cyber attack still unknown, no classes on Tuesday

Hackers Breach Telefonica Network, Leak 2.3 GB of Data Online

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Hackers exploit critical Aviatrix Controller RCE flaw in attacks

Hackers with likely Kremlin ties target Kazakhstan in espionage campaign

Hackney Council still addressing 2020 cyber attack

How Barcelona became an unlikely hub for spyware startups

Huaxia School Student Records Breach Exposes 8,000 Students’ Data

iMessage text gets recipient to disable phishing protection so they can be phished

iMessage under attack from scammers sending phishing messages — don’t fall for it

INBAL Database Breach Raises Concerns Over Cultural Institution Security

Indian EdTech platform Wissenhive targeted by ransomware group

International Civil Aviation Organization (ICAO) says nearly 12,000 impacted by recruitment data breach

Ivanti Rolls Out Patches to Mitigate Exploits in Connect Secure, Policy Secure, and ZTA Gateways

Leaked OpenSea user emails now public, SlowMist warns of phishing risks

Lyons Specialty Co. Data Breach Sparks Concerns Over Business Security

macOS bug lets hackers install malicious kernel drivers

Major cyberattack hits Slovakian land registry

Major Data Breach Reveals Exact Locations of Users from Popular Applications

Major location data broker reports hack to Norwegian authorities

Maryland reaches multistate $20 million settlement with mortgage servicing company over data breach

Maryland Secures $564K in Settlement Over Data Breach Impacting Thousands

Massive Data Breach at Gravy Analytics Exposes Location Data of Millions, Raising Privacy Concerns

Massive Data Breach Exposes Personal Information of 328,000 Australians

Massive data breach exposes precise locations for users of popular apps

Medusind Data Breach Exposes Over 360,000 Individuals’ Healthcare Info

Meet FunkSec: A New, Surprising Ransomware Group, Powered by AI

Meet FunkSec: The AI-Powered Ransomware Group Redefining Cyber Threats

Netherlands’ Eindhoven University Hit by Cyberattack, Network Shut Down

New Amazon Ransomware Attack - ‘Recovery Impossible’ Without Payment

New iPhone Attack Warning - Do Not Reply To This Message

New Ransomware Group Uses AI to Develop Nefarious Tools

No sign of data theft after ASML-backed university takes network offline

'Obsessive' Snapchat hacker stole women's intimate images and 'traded them like football cards'

OneBlood confirms personal data stolen in July ransomware attack

OpenSea email breach puts crypto users at $1 Billion phishing risk

OpenSea Email Leak Sparks Warning Over Phishing Attacks

Oppo, Realme phone brands in hot seat for data breach

Over 7 Million OpenSea Emails Leaked Online, Sparking Scam Concerns

PayPal Phishing Attack; Cybercriminals Exploit Platform Features in Sophisticated Scam

PayPal phishing attacks: how it works, identifying threats and precautions to take

Peterborough Police warn residents about phishing scam targeting online users

Phishing Attacks Use This Simple Trick to Defeat iPhone Message Security

Phishing campaign targeting Apple iMessage

Phishing campaign targets developers with fake CrowdStrike job offers

Phishing Click Rates Triple in 2024 as Cybercriminals Exploit AI

Phishing click rates tripled in 2024 despite user training

Phishing texts can disable iMessage protection on your iPhone

PowerSchool data breach: What to know, how students are impacted

PowerSchool Data Breach May Affect Southwestern Pennsylvania Schools

Pro-Palestine Hacktivist Group ‘Mr. Hamza’ Claims MI6 DDoS Attack to Show Power

Quishing – The Rising Threat of QR Code Phishing in Cybersecurity

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

Ransomware crew abuses Amazon Web Services (AWS) native encryption, sets data-destruct timer for 7 days

Ransomware developers are now using AI assistance

Ransomware Gangs weaponize Windows Defender Application Control (WDAC) to disable EDR products

Ransomware on ESXi: The mechanization of virtualized attacks

Russian Malware Campaign Hits Central Asian Diplomatic Files

Russian Pharmacy Platform Data Breach Sparks Privacy Concerns

Scammers have a new phishing trick for iPhone users – here’s how to avoid falling victim

Scholastic suffers data breach exposing 8 million people, report says

Shocking Data Breach: PowerSchool’s Security Fails Students! Immediate Action Required

Stolen Path of Exile 2 admin account used to hack player accounts

SuperDraft data breach exposes more than 300,000 customer records

Telefonica Breach Hits 20,000 Employees and Exposes Jira Details

Texas sues Allstate, alleging it violated data privacy rights of 45 million Americans

Three Cryptomixer Masterminds Charged Processing Ransomware Payments

Three Russians Charged with Crypto Mixer Money Laundering

Turks and Caicos recovering from pre-Christmas ransomware attack

UK domain giant Nominet confirms cybersecurity incident linked to Ivanti VPN hacks

UK domain registry Nominet confirms breach via Ivanti zero-day

UK proposes banning hospitals and schools from making ransomware payments

Ukrainians in Portugal complain about data breach

UN aviation agency confirms nearly 12,000 affected by data breach

UN Aviation Agency Says ICAO Data Breach Impacted Nearly 12,000 Individuals

US attacks ransomware supply chain with indictment of three cryptocurrency mixer operators

US cannabis company hacked, customers’ passports exposed

US Executive Order Aims To Shore Up Cyber-Defences

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables