Editor's Message

Welcome to DBD. 2024 was a tough year for me personally, and I'd like to thank every one of you who has supported me - you have been my light in times of darkness. 2024 saw the highest number of ransomware attacks on record, and there's no sign of these attacks slowing down as we head into the new year. Ransomware is a BIG problem that is NOT going away anytime soon, and this year could be just as catastrophic, if not worse, as cyber criminals continue to extort their victims with very little chance of being brought to justice. Wishing you all the very best for 2025. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington DC



Monday, 20 January 2025

Data Breaches Digest - Week 4 2025

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 20th January and 26th January 2025.


26th January

British Museum Exhibitions Closed After Alleged Cyber-Attack By Former Employee

Change Healthcare data breach exposed the private data of over half the U.S.

Data Breach Exposed Precise Location Information of Millions Using Popular Smartphone Apps

Hackers use GenAI to attack more frequently and effectively

Iranian hackers broadcast rocket sirens, odes to terrorism in 20 Israeli kindergartens

Japan: Cyber Attack Strikes Popular Theme Parks! What You Need to Know

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

UnitedHealth Confirms Data Breach Affects 190 Million

UnitedHealth now says 190 million impacted by 2024 data breach

UnitedHealth updates data breach impact to 190 million people, nearly doubling previous estimate

25th January

American National Insurance Company (ANICO) Data Leaked in MOVEit Breach

Anonymous: The cyberattack on public transport was carried out by Georgian hackers affiliated with the hacker group Anonymous - this is a warning to the oppressors

Budget Broadband ISP TalkTalk Probes Possible UK Data Breach

Cl0p ransomware gang lists Ampol, Linfox, and Steel Blue as victims

Crunchyroll Confirms User Data Breach — But Assures There's Nothing To Worry About

CSG Actively Assisting with Investigation into UK Connectivity Customer’s Data Breach; No Evidence CSG or its Platform Were the Cause

ICICI Bank data leaked? Ransomware Leak Site Claims

In wake of ransomware attack, Wood County IT director resigns, county hires consultant

Moniepoint Refutes Claims of Hacker Intrusion on Its Platform

Nigeria: Suspected Lagos hacker Ogar remanded in prison accused of N15m fraud

PayPal to pay $2 million settlement over 2022 data breach

TalkTalk investigates breach after data for sale on hacking forum

'There's No Evidence': Crunchyroll Denies Knowledge of Data Breach Following Viral Leaked Premium Logins Post

UnitedHealth Group Reports Largest U.S. Healthcare Data Breach

UnitedHealth Group’s Massive Data Breach Impacts 190 Million Americans

UnitedHealth says hack at tech unit impacted 190 million people

UnitedHealth updates number of data breach victims to 190 million

24th January

$4.88M was the average cost of a data breach in 2024

A New Wave Of Ransomware Campaigns Is Targeting Microsoft Teams

Are You Being Scammed? Phishing Emails Target Voter Registration

At least $69 million stolen from crypto platform Phemex in suspected cyberattack

BASHE Ransomware Allegedly Leaked ICICI Bank Customers Data

BASHE Ransomware Group Claims Attack on ICICI Bank: What We Know So Far

Black Kite Research Finds Certain Ransomware Groups Disproportionately Target Healthcare Organizations

Chinese firm Oppo ordered to investigate data breach in Thailand

Circle K’s largest US franchisee hit by data breach

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

Cloud-targeted attacks conducted by TRIPLESTRENGTH operation

Consumers hit Norwex, PowerSchool with data breach class actions

Cyber Attack Steals ₹2.34 Crore from Karnataka Bank via RTGS/NEFT Vulnerability

Cyber attack warning targeting routers and cameras in Bahrain

Cybersecurity Alert: Users Deceived By Fake Google CAPTCHA Pages

Deepfakes force a new era in fraud detection, identity verification

Department of Justice (DoJ) Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

Department of Justice (DoJ) nabs five suspects in North Korean remote worker scheme

FalconFeedsio X Account Hacked, Promoting Fraudulent Crypto Scams

Federal Trade Commission (FTC) issues warning about dangerous deliveries: free gifts that contain identity theft

Game developer Big Cheese Studio targeted in cyber attack

GhostGPT: A Malicious AI Chatbot for Hackers

Google Cloud Security Threat Horizons Report - Evolving Ransomware and Data Theft Risks in the Cloud

Hacker infects 18,000 "script kiddies" with fake malware builder

Hacker Traps Newbie Cybercriminals With Malware Posing as Trojan Builder

Hackers use Windows RID hijacking to create hidden admin account

Hackers Use XWorm RAT to Exploit Script Kiddies, Pwning 18,000 Devices

Harrison County Schools Hit by Cyberattack, Investigation Underway

HCF Management healthcare facilities hit by ransomware attack; more than 70,000 patients affected

Healthcare cyberattacks caused financial damage for 69% of organizations

HellCat, Morpheus RaaS operations leverage similar payloads

Hellenic Bank warns customers against new phishing scams

How to avoid rewards scams

How to spot a phishing email

INC Ransom takes responsibility for Stark Aerospace compromise

Italian senator targeted by Russian hacker threats

Local schools impacted by massive PowerSchool data breach, lawsuit filed

Matagorda County declares disaster after cyber attack disrupts internal systems; Investigation underway

Microsoft, Apple Remain Most Imitated Brands for Scammers in Q4 2024

Millions Impacted by PowerSchool Data Breach

More than 2,000 SonicWall devices vulnerable to critical zero-day

Nearly half of CISOs now report to CEOs, showing their rising influence

New Ransomware Attacking VMware ESXi Hosts Via SSH Tunneling

North America Faced Majority of Ransomware Incidents in December 2024

North Korean Cyber Fraud Scheme Targets U.S. Firms, DOJ Indicts Five Individuals

North Korean IT workers are extorting employers, FBI warns

North Korean IT Workers Demands Ransomware By Stealing Companies Source Codes

North Korean IT Workers Holding Data Hostage for Extortion, FBI Warns

North Korean IT Workers Steal Companies Source Codes to Demand Ransomware

Oppo confirms data breach in Thailand, denies it was linked to loan app

Ottawa Catholic School says breach at tech vendor PowerSchool compromised students’ data

PayPal penalized $2 million over data breach involving 35K Social Security numbers

Phishing alert as Hong Kong workers warned to be wary of fake company emails

Phishing campaign mimics CAPTCHA to spread malware

Phishing is the Top Security Threat For Smartphone Users

PowerSchool Data Breach Affects Over 2.4 Million Canadian Students

Professional Finance Company Settles Class Action Data Breach Lawsuit for $2.5 Million

Purdue University officials say data breach claim on social media is unfounded

Quantum Computers Are Coming for Your Crypto Keys, But Not Yet

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

Ransomware Gangs Linked by Shared Code and Ransom Notes

Red Deer Public Schools (RDPS) provides update on PowerSchool data breach

Russian Scammers Target Crypto Influencers with Infostealers

Russian telecom company Rostelecom says vendor data breach compromised subscribers’ personal data

Singapore: Looking to buy Chinese New Year (CNY) goods? Beware of phishing and malware scams, police warn

Space Bears ransomware gang claims hack of Christian Community Aid

Subaru Starlink flaw let hackers hijack cars in US and Canada

The breach that probably isn't: The 'alleged' ICICI Bank data leak

The 'Phantom Hacker' Scam Currently Targeting Apple and Android Products

The Ransomware Groups Targeting Healthcare Organizations

The rising tide of ransomware and what it means for small and medium-sized businesses

The top 10 brands exploited in phishing attacks - and how to protect yourself

Top 10 cyber incidents revealed

UK Government Publishes Consultation on Proposals to Reduce the Threat of Ransomware Attacks

UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach

UnitedHealth gave hackers easy access to Change data, new lawsuit claims

University of Texas at El Paso (UTEP) warns students after phishing attack targets accounts

US Charges Five in North Korean IT Worker Hiring Scam

US indicts five individuals in crackdown on North Korea’s illicit IT workforce

23rd January

9 Internal Data Breach Examples to Learn From

73% of Education Orgs Suffered a Cyber-attack in Past 5 Years

84% of healthcare organizations identified a data breach last year

A blueprint for fighting ransomware in 2025

Account Credentials for Security Vendors Found on Dark Web

AIDS vaccine non-profit suffers hacker attack

Allegheny Health Network reports a data breach involving IT vendor

Attackers Pose as IT Support, Hack Systems via Microsoft Teams Calls

Bad news - businesses who pay ransomware attackers aren’t very likely to get their data back

Battling Ransomware: How Healthcare Organizations Can Strengthen Cybersecurity to Protect Patient Data

BCP Council apologises over 'data breach' by officer

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

Bookmakers Ramp Up Efforts to Combat Arbitrage Betting Fraud

Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances

Chinese PlushDaemon APT Targets S. Korean IPany VPN with Backdoor

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Cisco Fixes Critical Vulnerability in Meeting Management

Cisco Warns of Critical Privilege Escalation Vulnerability in Meeting Management Platform

CISOs are juggling security, responsibility, and burnout

CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Skills

Companies who pay off ransomware attackers rarely get their data back, survey shows

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

Cybercrooks impersonate Gravatar and ProtonMail to phish people

CyberMaxx Q4 2024 Ransomware Research Report reveals Q4 witnessed the most attacks in any single quarter to date

Data breach exposes information of 550,000 individuals: Oxfam's security lapses under scrutiny

Data breach hitting PowerSchool looks very, very bad

Data recovery after fulfilling ransomware attack demands mostly unlikely

Defense strategies to counter escalating hybrid attacks

Department of Defense (DoD) defense contractor Stark AeroSpace potentially breached by INC ransomware

Department of Justice (DOJ) indicts two Americans for running laptop farm used in North Korea IT worker scam

Did 4,677 emails from the Yachats city manager look odd? It was a “phishing” scheme — so delete it!

Entire Georgian country population exposed in a massive data leak

Evidence seized in high-profile Kitchener hacker case heads to U.S.

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

FBI Agents’ Call And Text Logs Potentially Stolen In Data Breach

Four Critical Ivanti CSA Vulnerabilities Exploited - CISA and FBI Urge Mitigation

GhostGPT: Uncensored Chatbot Used by Cyber Criminals for Malware Creation, Scams

GhostGPT – New AI Black Hat Tool Used by Hackers to Generative Malware & Exploits

GhostGPT offers AI coding, phishing assistance for cybercriminals

Hacker Breaches Nasdaq’s X Account, Promotes Fake Memecoin

Hackers allegedly breach ICICI bank, demand ransom by January 24th

Hackers are abusing Zendesk to run brand impersonation scams

Hackers Deliver Ransomware on Windows Via Microsoft Teams Voice Calls

Hackers found a way to remotely unlock, start, and track millions of Subarus

Hackers imitate Kremlin-linked group to target Russian entities

Hackers still exploiting older Ivanti bugs to breach networks

Halton, Peel and Dufferin school boards reveal scope of data breach

Hanover County Public Schools impacted by data breach; student and teacher information accessed

Hanover County Public Schools’ student, staff information hacked in global data breach

Healthcare ransomware targets are shifting

HellCat and Morpheus: Two Brands, One Payload as Ransomware Affiliates Drop Identical Code

Hewlett Packard investigating a significant data theft by the IntelBroker hacker group

Hong Kong: Privacy watchdog records 30% rise in data breaches

Hong Kong workers most vulnerable to phishing emails, study reveals

How to better protect your data following Canada-wide school cyberattack

Hundreds of fake Reddit sites push Lumma Stealer malware

ICICI Bank Data Breach – BASHE Ransomware Group Allegedly Leak Bank Customers Data

ICICI Bank Faces Potential Data Breach; Suspected Ransomware Group ‘BASHE’ Involved

Introducing GhostGPT - The New Cybercrime AI Used By Hackers

Juniper enterprise routers backdoored via “magic packet” malware

KnowBe4 report links cyber insurance to security needs

Korea fines Donghwakwon and SK Stoa over personal information breaches

Lawsuits filed after data breach hits central Ohio schools

Lawsuits Filed Following Massive PowerSchool Data Breach

LinkedIn lawsuit alleges secret use of private messages for generative AI training

LinkedIn sued for allegedly training AI models with private messages without consent

Meet GhostGPT: The Malicious AI Chatbot Fueling Cybercrime and Scams

Microsoft, Apple top most impersonated brands by scammers in Q4 2024

N.B. Liquor stopped attempted cyber attack, CEO says

Network security firm SonicWall warns about critical vulnerability affecting its gateways

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing

New Phishing-as-a-Service (PhaaS) kits boost phishing threats with advanced tools

New Supply Chain Attack Targeting Chrome Extensions to Inject Malicious Code

New York fines PayPal $2 million for shoddy security practices

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

North Korea hack group possibly behind $70 million Phemex exploit, experts say

North Korean IT workers steal source code to extort employers

Ongoing Campaign Targeting Amazon Web Services S3 Buckets

Over 60 Million kids’ data may have been stolen: What you need to know

'Oxfam data breach due to outdated firewalls'

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

PayPal fined $2M for exposing New Yorker’s social security numbers

PFS Investments Inc. Files Notice of Recent Data Breach Leaking Confidential Information

Phishing Campaigns Became a Lot More Sinister in 2024

PowerSchool data breach: Explaining how it happened

PowerSchool data breach a ‘statewide issue,’ 300K+ teachers’ social security numbers exposed

PowerSchool Data Breach May Have Affected 62 Million Kids, 9.5 Million Teachers

PowerSchool data breach now at 2.4M Canadian kids. How to protect yourself

Powerschool partners with Experian to provide identity protection after data breach

QakBot-Linked BackConnect (BC) Malware Adds Enhanced Remote Access and Data Gathering Features

QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app

RansomHub lays claim on American Standard, Grohe breaches

Record Number of Ransomware Attacks in December 2024

Red Deer Public Schools updates parents on data breach

Report highlights urgent need for cyber insurance

Rostelecom Investigates Suspected Cyberattack on Contractor

Russian Threat Groups Pose as Tech Help Services to Infiltrate Systems

Scammers really like to impersonate Microsoft

Senior Living Operator Settles Data Breach Impacting 61,000

SentinelOne report highlights shared tactics between HellCat and Morpheus ransomware groups

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

Stealthy Chinese hackers target VPN users via infected installer

Stealthy 'Magic Packet' malware targets Juniper VPN gateways

Student records since 2005 caught up in data breach: York Region District School Board

Synnovis cyber attack caused two cases of severe patient harm

Taking a Threat Adapted Approach to Vulnerability Management

Texas probes four more car companies over how they collect and sell consumer data

The next major cyber attack is coming - are we prepared?

This devious phishing site repurposes legitimate web elements like CAPTCHA pages for malware distribution

Tornillo Independent School District cyber attack exposes student and teacher info to unauthorized foreign user

Toronto school district says vendor data breach impacted student data dating back 40 years

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

TripleStrength targets cloud and on-premise systems

Trustwave outlines 80% rise in ransomware by 2025

Tycoon 2FA Phishing Kit Using Specially Crafted Code To Evade Detection

‘Tycoon 2FA’ phishing-as-a-service updated to ‘prevent security inspection’

Tycoon Phishing Service Adds New Capabilities

Ulster, New York, Grapples With Aftermath of Ransomware Attack

What Makes Bulletproof Hosting Providers a Growing Danger in Australia

Where are the Fortinet admins? Nearly 50K devices left unpatched and widely exploited

Why Amazon Web Services (AWS) S3 Buckets Are the New Target for Ransomware Campaigns

22nd January

73% of UK Education Sector Hit by Cyber-Attacks in Past Five Years

84% of organizations say lack of AI transparency led to compliance issues

48,000+ internet-facing Fortinet firewalls still open to attack

Account Compromise and Phishing Top Healthcare Security Incidents

Amazon Web Services (AWS) Releases Best Security Practices To Mitigate Ransomware Attacks

Blacon High School cancels classes indefinitely to recover from a cyber attack

BreachForums Admin Conor Fitzpatrick (Pompompurin) to Be Resentenced

BreachForums admin to be resentenced after appeals court slams supervised release

Canadian e-commerce giant North Pole Company faces alleged data breach affecting over 500,000 customers

Chester high school remains closed as cyber attack probe 'ongoing'

China-aligned PlushDaemon APT compromises supply chain of Korean VPN

China-linked hacker group targets victims in East Asia with malicious VPN installers

Cisco warns of denial of service flaw with PoC exploit code

Class Action Lawsuit Attorneys Investigating Stiiizy Data Breach

Cloudflare Content Delivery Network (CDN) flaw leaks user location data, even through secure chat apps

Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack

Cloudflare Mitigates Record-Breaking 5.6Tbps DDoS Attack

Conduent confirms cybersecurity incident behind recent outage

Conduent confirms outage was due to a cybersecurity incident

Critical infrastructure in crosshairs as ransomware attacks soar

Critical zero-days impact premium WordPress real estate plugins

Cyberattack Hits PowerSchool, Exposing Personal Data of Students and Staff

Data breach in Texas exposes personal information of over 61,000 residents

Default Teams configurations exploited in ransomware attacks

Email attacks surge in APAC, phishing up by 30% in 2024

Extensive data breach at Upper Canada District School Board (UCDSB)

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Healthcare Under Attack: Ransomware Groups Increasingly Target Hospitals and Clinics

Helldown Ransomware Exploiting Zyxel Devices Using Zero-Day Vulnerability

Hewlett Packard Enterprise (HPE) investigates alleged data breach by IntelBroker

IPany VPN breached in supply-chain attack to push custom malware

Keewatin-Patricia District School Board provides update on PowerSchool Data Breach

Major Cybersecurity Vendors' Credentials Found on Dark Web

Massive data breach at Minnesota Peace Officer Standards and Training (POST) Board exposes identities of undercover officers

Microsoft services exploited in separate ransomware campaigns

Microsoft's LinkedIn sued for disclosing customer information to train AI models

Mirai botnet behind the largest DDoS attack to date

Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

New proposals to counter ransomware

Newly emergent Nnice ransomware examined

Opioid Misuse treatment centre confirms a major cyber attack on its systems

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Personal info, including banking details, exposed in Upper Canada District School Board (UCDSB) data breach

PlushDaemon APT Targeted South Korean VPN Software

PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack

PowerSchool data breach hit nearly 1.5 Million past, present Toronto students

PowerSchool hacker claims they stole data of 62 million students

Preparing for evolving ransomware threats in 2025

Privacy professionals feel more stressed than ever

Ransomware Attacks Surge to Record High in December 2024

Restaurant booking platforms overrun with bots trying to steal data, study says

Rostelecom, Russia telecom giant, investigates leak of company data

Russian Spear-Phishing Campaign Targets WhatsApp Accounts

School boards say they can’t track former students in cybersecurity breach

Telegram captcha tricks you into running malicious PowerShell scripts

Threat Actors Delivering Ransomware Via Microsoft Teams Using Voice Calls

Threat of another cyber attack still ‘very significant’, Hackney Council warns

Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures

Upper Canada District School Board (UCDSB) discloses extensive data breach from January 5th cyber attack

US experiences 47% of global utilities cyberattacks

What PowerSchool isn’t saying about its ‘massive’ student data breach

Zendesk exploit allows phishing scams, CloudSEK reports

Zendesk’s Subdomain Registration Exposed to Phishing, Pig Butchering Scams

21st January

7-Zip fixes bug that bypasses Windows Mark of the Web (MotW) security warnings, patch now

37% of privacy professionals cite lack of resources as cause of stress

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

Addressing the intersection of cyber and physical security threats

Almost 10% of GenAI Prompts Include Sensitive Data

Android, iPhone Security Alert - Act Now, 24% Of All Users At Risk

AT&T data breach exposes FBI call logs, raising concerns over informant safety

Blood Donation Service Confirms July 2024 Ransomware Attack Resulted in Personal Data Breach

Canada's privacy commissioner in talks with PowerSchool over data breach

Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack

Computer Emergency Response Team of Ukraine (CERT-UA) Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users

Cyber attack on Lykke: theft of more than $22 million in cryptocurrencies and suspension of operations

Dangerous new Nnice ransomware laughs at victims by replacing file extensions with ‘.xdddd’

December 2024 Healthcare Data Breach Report

Delaware Valley School District Hit by Data Breach

Disciplinary and special education records of Toronto students may have leaked in PowerSchool breach

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties

Fake Homebrew Google ads target Mac users with malware

Forescout Report Details Hunters International Ransomware Gang Tactics

Gateshead Council investigating a major ransomware attack on its systems

GDPR Fines Total €1.2bn in 2024

Government IT contractor Conduent says 'third-party compromise’ caused outages

Govtech giant Conduent won’t rule out cyberattack as outage drags on

Hackers are abusing Zendesk to run brand impersonation scams

Hackers impersonate Ukraine’s Computer Emergency Response Team (CERT) to trick people into allowing computer access

Hewlett Packard Enterprise (HPE) Investigates After Alleged Data Breach

Hewlett Packard Enterprise Investigates Data Leak Claims on the Dark Web

Hewlett Packard Enterprise (HPE) Investigates Hacker’s Claim Of Selling Stolen Source Code

Hewlett Packard Enterprise Investigates Possible Breach, Source Code Theft

Hewlett-Packard Enterprise (HPE) confirms data breach probe after IntelBroker claims

Hewlett-Packard Enterprise (HPE) investigates possible data breach by IntelBroker

Hewlett-Packard Enterprise (HPE) investigating claims that hacker breached developer environments, source code

Hewlett-Packard Enterprise (HPE) investigating security breach after hacker claims theft of sensitive data

Hewlett-Packard Enterprise (HPE) probes hacker claim involving trove of sensitive company data

High school temporarily closes due to ransomware attack

High Severity Vulnerability Discovered in CP Plus Router: Immediate Attention Needed

IntelBroker claims responsibility for breach of Hewlett Packard Enterprise, selling sensitive data online

Is Your School Next? Ransomware Attack Forces UK High to Shut Down

Japan Forced to Deal with 210+ Cyber Breaches Linked to China’s MirrorFace Hackers

Labels manufacturer Avery says ransomware attack impacted over 60,000 customers

Medusa Ransomware: What You Need To Know

Meta wants court to overturn ‘disproportionate’ €91m fine for data breach

Microsoft Teams abused in Russian email bombing ransomware campaign

Microsoft Teams vishing attacks trick employees into handing over remote access

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

Most European Privacy Teams Are Understaffed and Underfunded

Nash County Public Schools affected by data breach

New Contacto Ransomware Evades AV Detection & Uses Windows Console For Execution

New Cyber Threat Exposed: Advanced Techniques Used to Target German Systems

New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits

New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers

New Russian campaign abuses Microsoft Teams to exfiltrate data

North Pole Company data breach exposes details on half a million users

Oracle To Address 320 Vulnerabilities in January Patch Update

Ottawa Catholic School Board students' data accessed in cyber attack

Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks

Phishing scams were 2024’s most common smartphone security threat

Phishing YouTube channels and links are stealing credentials

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

PowerSchool data breach exposed student data from 1985 to 2024

Ransomware Attack Forces UK Blacon High School to Close Doors for Students

Ransomware Attack Forces UK Brit High School to Close Doors For Students

Ransomware attackers are “vishing” organizations via Microsoft Teams

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Ransomware groups pose as fake tech support over Teams

Redline, Vidar and Raccoon Malware Stole 1 Billion Passwords in 2024

Rivers Casino class action claims data breach exposed customers’ personal info

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing

Russian Ransomware Hackers Impersonate IT Support on Microsoft Teams

Russian ransomware hackers increasingly posing as tech support on Microsoft Teams

Russian telecom giant Rostelecom investigates suspected cyberattack on contractor

Scam Yourself attacks: How social engineering is evolving

Scholastic data breach reportedly affects 8 million

Several Swiss municipalities and banks hit by cyberattack

Several Swiss websites affected by hacker attacks

‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security

Student information dating back to 1998 affected by data breach at Ottawa Catholic School Board

Student names, addresses exposed in cyber attack on Mississauga, Brampton schools

Students, Educators Impacted by PowerSchool Data Breach

Teen hacks oil tankers for fun, Italy doesn’t get the joke

Texas State Office Fires 7 Employees After Data Breach

Threat actors abusing Microsoft Teams in ransomware attacks

Toronto school district says 40 years of student data stolen in PowerSchool breach

Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally

Two-factor authentication phishing kit targets Microsoft 365 accounts

UK high school disrupted by ransomware intrusion

UK High School Shuts for Two Days Following Ransomware Attack

UK wants to ban ransomware payments from public institutions

UK’s New Digital IDs Raise Security and Privacy Fears

Ukraine’s state register restored after Russian cyber attack

20th January

50 Million Potentially Compromised In PowerSchool Data Breach

A gotcha with iMessage scams, powered by Chinese phishing kit

Achieving rapid threat analysis and response

AI-driven insights transform security preparedness and recovery

Allegheny Health Network Files Official Notice of Data Breach Following Cybersecurity Incident at Vendor

Belsen Group Leaks 15,000+ FortiGate Firewall Configurations

BianLian Hacker Group Claims ‘MassDevelopment’ Breach, Exfiltrating 4TB of Sensitive Data

Canada’s privacy watchdog ‘concerned’ about students’ personal info after data breach

Canada's privacy watchdog 'concerned' about students' personal info after data breach

Canada’s Privacy Watchdog Raises Concerns Over PowerSchool Data Breach

Canadian cities are only one cyber attack away from catastrophe

Chester high school forced to shut after cyber attack

Computer Emergency Response Team of Ukraine (CERT-UA) warns against “security audit” requests via AnyDesk

Cryptocurrency fraud on Telegram exceeds traditional phishing attacks

Cyber attack cost Synnovis estimated £32.7 million in 2024

Cyber attack on New York law firm impacted close to 3.5 million individuals

Cyber incident at Ontario’s largest school board involves data going back to 1985

Cybersecurity agency recommends list of apps to guard against malware, phishing attacks

Cybersecurity cases in Hong Kong hit 5-year high in 2024, aided by AI

Data Breach Exposes 61,000 Texans After State Employees Improperly Access Info

Data on Half a Million Hotel Guests Exposed After Otelier Breach

Decentralization is happening everywhere, so why are crypto wallets “walled gardens”?

Delaware Valley School District (DVSD) suffers data breach

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection

Emerging Cybersecurity Trends to Keep an Eye On in 2025

Enzo Biochem to pay $7.5 million to settle data breach class action lawsuit

FBI and CISA alert software vendors: stop hardcoding secrets, use secure cryptography

Fintech Bill Pay Platform “Willow Pays” Exposes Over 240,000 Records

Former CIA Analyst Pleads Guilty to Sharing Top Secret Files

FunkSec Ransomware Dominating Ransomware Attacks, Compromised 85 Victims In December

Government consultation considers measures to disrupt ransomware payments

GuidePoint warns of Python backdoor used in ransomware

Hackers Can Now Disable iMessage Anti-Phishing Protection, Posing Serious Risks

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Healthcare Data Breach Statistics

Hewlett Packard Enterprise (HPE) data breach could be a nightmare for its customers

Hewlett Packard Enterprise (HPE) investigates breach as hacker claims to steal source code

Hewlett Packard Enterprise (HPE) Investigating Breach Claims After Hacker Offers to Sell Data

Hewlett Packard Enterprise (HPE) is investigating IntelBroker’s claims of the company hack

Hewlett Packard Enterprise (HPE) Launches Investigation After Hacker Claims Data Breach

High school forced to close after cyber attack

Hongkongers victimized in record high phishing scams of 2024

Houses of Parliament blocks more than 46 million email attacks over three years

How Star Blizzard Exploits WhatsApp in Spear Phishing Campaign

HPE’s sensitive data exposed in alleged IntelBroker hack

Iannuzzi Manetta & Co. Notified Current and Former Customers of Recent Data Breach

Indian APT Group DONOT Misuses App for Intelligence Gathering

Irish companies 'a mixed bag' of readiness on tough new EU cyber attack laws

Law firm counts cost of cyber attack

Lessons learnt from web security in 2024 - and why we must stay vigilant

LifeBridge Health Posts Notice of 2024 Data Breach Affecting Patient SSNs and Medical Info

Luxembourg: Warning of fraudulent parking meter stickers

Massive data breach hits Otelier, exposing millions of hotel guests' personal information

Massive National Bureau of Investigation (NBI) Data Breach Exposes Millions of Users Records Online

Millions of hotel guest reservations leaked in Otelier data breach

Money Message ransomware gang lists Queensland medical clinic

Morrison Community Hospital Agrees to $675K Settlement to Resolve Ransomware Lawsuit

Novel Adversary-in-the-Middle (AiTM) Phishing Kit Sets Sights on Microsoft 365 Accounts

Omdia survey finds phishing attacks top smartphone security concern for consumers

One in ten GenAI prompts puts sensitive data at risk

Otelier data breach exposes sensitive hotel guest information across major brands

Philippines arrests Chinese national suspected of spying on critical infrastructure

Phishing Attacks Are the Most Common Smartphone Security Issue for Consumers

Phishing Campaign Attempts to Bypass iOS Protections

PowerSchool data breach: Toronto public school students from 1985 to 2024 impacted

PowerSchool Faces 23 Lawsuits Over Schools' Mega Data Breach

Privacy czar concerned about students' personal info as scope of data breach revealed

Probation for hacker who cracked 14,000 meconnect accounts to watch HBO for free

Ransomware attack forces British high school to shut doors

Ransomware Hit Causes School to Close

Russian Hackers Employ QR Code Phishing Campaign

Russian hackers target global officials with WhatsApp phishing campaign

School board data breach could include 40 years of student records

Smishing Scams Impersonating Toll Roads Rising Due to Enhanced Phishing Kits Sold by Hackers

Sterling Bank Loses N1.2 Billion In Major Cyber Attack On Its System

Survey finds phishing attacks top smartphone security concern for consumers

Telegram-Based “Sneaky 2FA” Phishing Kit Targets Microsoft 365 Accounts

Texas Health and Human Services Commission announces privacy breach impacting 61,000 people

The critical state of identity security

The danger of new AI-powered ransomware

The impact of the cyber insurance industry in resilience against ransomware

The Philippines National Bureau of Investigation (NBI) Data Breach Exposes Millions of Records on Cloud-Sharing Platforms

The U.K. is considering prohibiting ransom payments. It’s a difficult issue

This Sophisticated Scam Can Trick You When Booking a Hotel

Threat Actors Abuse Google Translate to Craft Phishing Links

Ukraine restores state registers after suspected Russian cyberattack

Ukraine's State Registers Restored Following Cyber-Attack

U.S. Sanctions Chinese Cyber Actors Behind Treasury Breach and Salt Typhoon Attacks

UAE Cyber Security Council announces successful countering of ransomware attacks, identification of hackers

Ukrainian state registers resume operations after cyberattack by Russia

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

US Sanctions Chinese Hackers for Treasury, Telecom Breaches

US Treasury sanctions Chinese cybersecurity firm and hacker behind US network breaches

US Treasury Sanctions Hacker and Sichuan Company Linked to Salt Typhoon Cyberattacks

Wolf Haldenstein data breach impacts about 3 Million individuals

Yubico Warns of 2FA Security Flaw in pam-u2f for Linux and macOS Users