Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 17th March and 23rd March 2025.23rd March
After Windows, hackers target Mac users in new Apple ID phishing scam
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
FBI warnings are true - fake file converters do push malware
Hacker Claims Sale of 6 Million Records Stolen from Oracle Cloud Servers
Hacker steals 8.4 billion won ($5.7 million) in HYBE shares owned by BTS member Jungkook
Japan's NTT warns customers' data breach
OpenAI Operator can perform phishing attacks autonomously
Oracle Cloud says it's not true someone broke into its login servers and stole data
Oracle Denies Massive Data Breach as Hacker Claims to Sell Six Million Records
22nd March
A Windows phishing campaign made its way to Mac – here’s how to protect your data
Attack Update As FBI Warns Email And VPN Users - Activate 2FA Now
Costa Rica government's YouTube account suffers cyber attack
Costa Rican President's YouTube Regains Control After Cyber Attack
Cyber Attack Targets Costa Rican Presidency's YouTube Account
Exploiting Critical Authenticated Bypass Vulnerabilities to Gain Admin Access on GitLab
FBI Warning As iPhone, Android Users ‘Bombarded’ By Chinese Attack
Hacker claims responsibility for replacing NYU’s website with apparent test scores, racial epithet
How Cybercriminals Exploit Notification Channels
How Cybercriminals Exploit Public Info for Attacks: Understanding Risks and Prevention
Largest U.S. Sperm Bank Suffers Data Breach Exposing Personal Information
Microsoft Trust Signing service abused to code-sign malware
New PayPal Scam Uses Real Emails - Here’s How to Avoid It
New York University (NYU) Website Hacked to Display Racist Garbage
Oracle Denies Breach - But Did a Hacker Really Steal 6 Million Records?
Oracle Denies Breach Amid Hacker’s Claim of Access to 6 Million Records
Over 3 million applicants’ data leaked on New York University (NYU) website
Rakuten Securities Issues Warning Over Phishing Scams Leading To Unauthorized Trading
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
Union County Investigating Ransomware Attack
VanHelsing RaaS: An Expanding Ransomware-as-a-Service Model
VMware Vulnerabilities Exploited Actively to Bypass Security Controls & Deploy Ransomware
YouTube account of Costa Rica's presidency back online after cyber attack
21st March
5 ransomware threats facing the financial sector – and 5 ways to respond
14% of security leaders balance data security and business objectives
53% of security teams lack continuous and up-to-date visibility
21,899 Bank Customers Affected As US Lender Suffers Cybersecurity Breach, Hacker Taps Social Security Numbers and Other Sensitive Information
AI will make ransomware even more dangerous
AI-driven phishing scams exploded last year. The trend continues in 2025
AI-powered phishing attacks rose sharply in the last 6 months
Albabat Ransomware Attacking Windows, Linux & macOS by Leveraging GitHub
Albabat Ransomware Evolves to Target Linux and macOS
Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations
Albabat Ransomware Targets Windows, Linux, and macOS via GitHub Abuse
Apple Password Flaw Exposes Users to Phishing Scams – Urgent Security Alert!
Arrests in Tap-to-Pay Scheme Powered by Phishing
Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT
Baidu executive’s daughter leaks personal info, company denies data breach
California Cryobank Alerts Consumers to Data Breach
Canada: Someone in Nunavut was scammed out of $3 Million last year. Royal Canadian Mounted Police (RCMP) are still trying to find out who did it
CERT-UA Warns of Escalating Cyberattacks Targeting Ukraine’s Defense Sector with DarkCrystal RAT
Checkpoint ZoneAlarm Driver Flaw Exposes Users to Credential Theft
China Borrows From Feds' Anti-Hacker Psychological Playbook
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
City of Mission expects ransomware impact to last months
Clearview AI settles class-action privacy lawsuit worth an estimated $50 million
Coinbase was primary target of recent GitHub Actions breaches
College Hospital Costa Mesa discovers more patient info exposed in 2024 data breach
Concerns grow over cyber attack at DHR Health
Cost of data breach
Costa Rica government's Youtube account suffers cyber attack
Cyber resilience: A boardroom imperative
Cybercriminals Exploit CheckPoint Antivirus Driver in Malicious Campaign
Cybercriminals Feast: 3.2 Billion Credentials Stolen as Infostealers and Ransomware Run Wild
Dark Web Data Breaches: The Alarming State in 2025
Data breach refuted by Baidu after user info leak
Delhi Police bust hacker gang after retired Defence Research and Development Organisation (DRDO) scientist duped of Rs 40 lakh
Ex-Michigan, Ravens Football Coach Charged with Hacking Athlete Accounts
EZ Pass scam texts about unpaid tolls continue to spread. Here's what to do
Fake Meta support agent will steal your passwords
Fake Out: Babuk2 Ransomware Group Claims Bogus Victims
Fake Semrush ads used to steal SEO professionals’ Google accounts
FBI asks Android and iPhone users in US to delete these messages immediately
Floridacentral Credit Union Settles Member Data Breach Class Action Lawsuit
Fog ransomware publishes victim’s IP-addresses
Fortinet-Targeting Ransomware Attacks Leave Devices Patched
Google Maps yanks over 10,000 fake business listings - how to spot the scam
Hacker attack on Watcher Guru: X account hacked to spread fake news about Ripple
Hacker group claims to have knocked out comms on 116 Iranian vessels
Hacker Pulls Off $8.4M Theft from Zoth Protocol After Admin Access Breach
Hacker steals $8.4 Million from Real-World Asset (RWA) restaking protocol Zoth
Hackers Use Fake Meta Emails to Steal Ad Account Credentials
Has Merkur’s player data breach raised further questions on security?
Have You Been Hacked? Cybercrime & Identity Theft in South Pasadena is Serious
Hellcat Ransomware Group Hacked Ascom Technical Ticketing System
How Security Professionals Can Prepare for the CISO Role
Infosys Agrees to $17.5 Million Settlement Following 2023 Data Breach
Infosys to Pay $17.5M in Settlement for 2023 Data Breach
iPhone, Android Users ‘Bombarded’ By Chinese Attack - Do Not Ignore FBI Warning
It's time to update Chrome ASAP - again! - to fix this critical flaw
Japanese Telecom Giant NTT Suffers Data Breach Impacting Nearly 18,000 Corporate Customers
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
KnowBe4 Report Highlights Latest Phishing Threats
Lafayette Federal Credit Union Provides Notice of Data Breach Following September 2024 Cyberattack
Links to the “free” TradingView version hide crypto-stealing malware on Reddit
Mac users are being targeted by a vicious new phishing scam. Here’s how to stay safe
Mac Users Should Be on the Alert for This New Phishing Scheme
Major Hacker Group Surpasses Tesla in Bitcoin Holdings
Malicious ads target Semrush users to steal Google account credentials
Malicious VSCode extensions deploy ransomware, exposing security gaps
Massive Oracle Cloud data breach exposes six million records
Massive Keenetic data leak uncovered: 1 Million households could be exposed
MEDUSA Ransomware Deploys Malicious ABYSSWORKER Driver to Disable EDR
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
MEDUSA Ransomware Using Malicious ABYSSWORKER Driver to Disable EDR
Medusa ransomware using malicious driver as EDR killer
Meta settles UK ‘right to object to ad-tracking’ lawsuit by agreeing not to track plaintiff
Microsoft’s Store Let Ransomware Slip Through – Is Your VSCode Editor Safe?
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
Nearly 22,000 impacted by Western Alliance Bank breach
New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest
New Phishing Scam Uses Fake Instagram Chatbot to Hijack Accounts
New scam freezes your Mac and then steals your Apple ID
New York Attorney General secures $975K settlement from Root Insurance over data breach
Nice Healthcare Files Notice of Data Breach with Federal Government
Nigeria Data Protection Commission (NDPC) investigating TikTok, Truecaller for alleged data breach
Northwest Retirement Plan Consultants Reports Data Breach Following August 2024 Cyberattack
Novel Betruger backdoor deployed by RansomHub affiliate
One-third of UK Critical National Infrastructure (CNI) organisations admit to paying ransomware
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
Oracle denies breach after hacker claims theft of 6 million data records
OrthoMinds Begins Sending Data Breach Following November 2024 Cybersecurity Incident
Over 300 Critical Infrastructure Organizations Hit by Medusa Ransomware Attacks
Parental-control app SpyX suffers data breach exposing 2 million users
Pennsylvania Teachers Union Admits Cyberattack That Hit 500,000 People in July
Phishing Attacks Target Mac Users With Sophisticated Scareware
Phishing campaign shifts focus to Macs after browsers enhance security on Windows
Phishing email attacks are getting smarter: Can AI-driven solutions keep up?
Practice Makes Perfect: Why Ransomware Resilience Can Save Millions
Qilin ransomware attack shut Cleveland Municipal Court for over three weeks
Ransomware Crisis Deepens: Government Targets, Data Theft, and EZ Pass Fraud Warnings
Remote ransomware rising: Attackers increasingly encrypting files out of sight
Rooting Android invites hackers: up to 3,000 times more vulnerable
Russian zero-day seller is offering up to $4 million for Telegram exploits
Scam involving ransomware called Medusa is going around to take personal information through emails
Scammers cash in on tax season
Scammers Just Made Binance Phishing Texts Nearly Impossible to Detect
Someone claiming to be the Cleveland Municipal Court hacker is demanding a $4 million ransom to stop release of stolen information
Steam pulls game demo infecting Windows with info-stealing malware
Tech Giant Baidu Denies Data Breach Allegations Following Controversy Over Executive’s Daughter
Telecom giant Orange refutes hacker group's claim of 4.5TB data theft
The Future of Healthcare: Hacker-Resistant Medical Implants
The hidden risk in SaaS: Why companies need a digital identity exit strategy
These phishing attacks are now targeting Mac browsers - how to protect yourself
Trump order on information sharing appears to have implications for DOGE and beyond
UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
UAT-5918 Threat Actor Targets Critical Infrastructure Entities in Taiwan with Mimikatz
Ulrich Investment Consultants Files Notice of October 2024 Data Breach
US removes sanctions against Tornado Cash crypto mixer
US Treasury removes sanctions on Tornado Cash after appellate court loss
Valve removes video game demo suspected of being malware
VanHelsing Ransomware Attacking Windows Systems With New Evasion Technique & File Extension
VanHelsing Ransomware Targets Windows Systems with New Evasion Tactics and File Extension
Vista Point Mortgage Files Notice of Data Breach
Watcher Guru official X account compromised by hacker
Watsonville Community Hospital still hasn’t notified all those affected by a November data breach; employees are reporting tax refund fraud
Wesizwe delays audited numbers owing to cyber-attack
20th March
5 pitfalls that can delay cyber incident response and recovery
62% of businesses risk missing new PCI DSS Phishing compliance deadline by failing to implement DMARC
70% of leaked secrets remain active two years later
500,000 Impacted by Pennsylvania Teachers Union Data Breach
A single RTX 4090 managed to brute force crack an Akira ransomware attack in just 7 days
AI Drives Surge in Browser-Based Phishing Attacks
Arete’s Annual Crimeware Report Analyzes Ransomware and Extortion Data from 2024
Babuk Ransomware Group Claims Attack on Telecommunication Firm Orange
Babuk2 Ransomware Issues Fake Extortion Demands Using Data from Old Breaches
Be Aware of Ongoing Phishing, Phone, and Shredding Scams
Better update now – a critical security flaw found in Apache Tomcat
Black Basta ransomware leak reveals potential Kremlin ties
BlackLock Ransomware: What You Need To Know
Brand impersonation is 51% of browser phishing attempts
Britain has 10 years to prepare for encryption-breaking quantum cyberattacks
Browser-based phishing attacks surge due to AI
Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing
California sperm bank says cyber attack compromised patients' data
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
China, Russia, North Korea Hackers Exploit Windows Security Flaw
China's Baidu denies data breach after executive's daughter leaks personal info
Chinese military-linked companies dominate US digital supply chain
CISA Adds NAKIVO Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog Amid Active Exploitation
CISA tags NAKIVO backup flaw as actively exploited in attacks
Cisco Smart Licensing Utility Vulnerabilities Under Hacker Exploitation
Cottrill’s Specialty Pharmacy Announces Data Breach Following January 2025 Cyber Incident
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
Cybercrime karma: Babuk 2 ransomware steals from fellow crooks, makes fraudulent claims
Cybersecurity experts urge email users to take steps to guard against vicious ransomware scheme
Cybersecurity under siege: How AI and ransomware are redefining threats in the Middle East
Dark Crystal trojan targets Ukrainians via Signal messages
Dark Web Profile: FSociety (Flocker) Ransomware
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Europol labels crypto and AI as a “money laundering cloak”
FBI issues alert on notorious ransomware group that targeted radiology practice
FBI urges Gmail, Outlook users to be on high alert for ransomware scheme
February 2025 Healthcare Data Breach Report
Federal judge blocks DOGE’s access to Social Security Administration’s banks of personal information
FishMonger APT Group Linked to I-SOON in Espionage Campaigns
Former Michigan football coach indicted in hacks of athlete databases of more than 100 colleges
From convenience to compromise: The rising threat of quishing scams
GitHub Action supply chain attack exposed secrets in 218 repos
Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems
Hackers using AI agents more often for account takeover
HellCat hackers go on a worldwide Jira hacking spree
Hokkaido Jalan Website Shut Down Amid Suspected Cyber Attack
How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
Infosys Pay $17.5M to Settle Data Breach Lawsuits
Israeli Spyware Graphite Targeted WhatsApp with 0-Click Exploit
Key Takeaways from the KnowBe4 2025 Phishing Threat Trends Report
Lake Washington Vascular Ransomware Attack Affects 21,500 Patients
Mac users beware - this Windows phishing scam is coming for you
Malware Madness: Check Point’s Report Unveils the Most Dangerous Cyber Threats of February
Maximum risk flaw affects major server remote management system MegaRAC
More Attacks Aimed at Android Devices Configured with Root Access
National Cyber Security Centre (NCSC) Sets 2035 Deadline for Post-Quantum Cryptography Migration
Nearly 2 Million hit by SpyX data breach
New custom malware Betruger backdoor used to carry out ransomware attacks
New KnowBe4 Report Reveals a Spike in Phishing Campaigns
New KnowBe4 Report Reveals a Spike in Ransomware Payloads and AI-Powered Polymorphic Phishing Campaigns
New LLM jailbreak technique can create password-stealing malware
Over Half a Million Hit by Pennsylvania Schools Union Breach
Parascript Announces Data Breach Following August 2024 Ransomware Attack
Pennsylvania State Education Association breach impacted over 500,000 educators
Phishing Attack Pivots to Mac After Windows Browser Defenses Improve
Phishing Attacks Abuse Microsoft 365 to Bypass Security Filters
Phishing Attacks Now Targeting Mac Browsers
Phishing campaign changes target from Windows to Mac users
Phishing campaign leverages Microsoft 365 infrastructure for attacks
Phishing-as-a-Service attacks rise in early 2025
RansomHub: Attackers Leverage New Custom Backdoor
RansomHub Affiliate Deploys New Custom Backdoor “Betruger” for Persistent Access
RansomHub affiliate leverages multi-function Betruger backdoor
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
Ransomware attacks are costing Government offices a month of downtime on average
Ransomware attacks surged 50% in February
Rooted Androids 3,000x More Likely to Be Breached, Even iPhones Not Safe
Rooted Devices 250 Times More Vulnerable to Compromise
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
Spyware Maker SpyX Data Breach Exposes Nearly 2 Million Users Personal Data
SpyX Data Breach Exposes 2 Million Users, Including 17,000 Apple iCloud Credentials
SpyX Data Breach Exposes Personal Information of Nearly 2 Million Users
Taiwan critical infrastructure targeted by hackers with possible ties to Volt Typhoon
The Cyber Essentials Scheme’s 2025 Update and What it Means for Your Organisation
The State of Ransomware in 2025: The Growing Risk in Cloud Environments
This is one of the most sophisticated phishing attacks ever made against Mac users
Top 10 secrets iOS apps leak without you knowing
UK Critical National Infrastructure (CNI) Security Leaders Express Confidence in Cybersecurity, Despite 95% Breach Rate
UK Police Arrest 422 in Major Fraud Crackdown
UK sets timeline for country’s transition to quantum-resistant encryption
UK urges critical organizations to adopt quantum cryptography by 2035
VanHelsing ransomware uses double extortion on US, French government, manufacturing, pharma sectors
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
Veeam RCE bug lets domain users hack backup servers, patch now
VenomRAT covertly distributed via VHD files
VSCode extensions found downloading early-stage ransomware
We can – and must – do better recovering from ransomware attacks
Western Alliance Bank admits cyber attack exposed 22,000 customers
Western Alliance Bank Data Breach Affects Nearly 22,000 Individuals
What is the average downtime for a ransomware attack on a government entity?
Why rooting and jailbreaking make you a target
WordPress security plugin WP Ghost vulnerable to remote code execution bug
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Increases by 130%
Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Surge by 130%
Zero-Hour Phishing Attacks Up 130% Last Year
19th March
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
11 Nation-State Hackers Exploit Unpatched Windows Flaw Since 2017
752,000 Browser Phishing Attacks Mark 140% Increase Year-over-Year
Advanced Cyber Attack Exploits Booking Websites to Deploy LummaStealer Malware
After Hindustan Aeronautics Limited (HAL) loses ₹55L to ‘phishing’ net, police reach out to Interpol
AI Crypto Bot AIXBT Loses $106,200 in ETH Through Dashboard Breach
AI Fraud Is a Crisis in the Making, $40B Losses Are Just the Start
AI-driven threats fuel rise in phishing and zero-day attacks
Alleged Data Breach of Mexican Citizen Information Exposed 1.8M Records
Apple Passwords App Bug Left Users Unprotected Against Phishing Attacks for Months
Apple Passwords App Bug Left Users Vulnerable to Phishing Attacks for Months Before Being Fixed
Apple Passwords was open to targeted phishing attacks, before patch
Apple reveals Passwords bug leaving users exposed to potential phishing
Apple's New Passwords App Left Users Exposed To Phishing Attacks For Months Due To Serious HTTP Flaw
Apple's Passwords App Had a Security Flaw That Exposed Users to Phishing Attacks for Three Months
Billions of credentials were stolen from businesses around the world in 2024
California Cryobank confirms year-old cyber attack
Canadian provincial police appear to be using advanced commercial spyware
Center for Digestive Health reports data breach, sensitive information compromised
ChatGPT hit with privacy complaint over defamatory hallucinations
Chicago accounting firm faces class-action lawsuits over 2024 data breach
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
CISA Warns of Exploited GitHub Action CVE-2025-30066 – Users Urged to Patch
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
Click Profit blocked by the Federal Trade Commission (FTC) over alleged e-commerce scams
Clop ransomware impersonators extort numerous targeted firms
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
Cydome analyzes Lab Dookhtegan cyber attack on Iranian oil tankers, provides mitigation action
Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users
Dual Russian And Israeli National Extradited To The U.S. For His Role In The LockBit Ransomware Conspiracy
Dutch intelligence agencies are secretly collecting more information
Education sector unprepared for evolving cyberattacks, research finds
ESHYFT Allegedly Leaves Database Exposed, Leading to Potentially Large-Scale Data Breach
Europol Warns of “Shadow Alliance” Between States and Criminals
FBI Warns Users of the Hidden Dangers Behind Free File Converters: You'll Be Fishing Malware Instead
Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns
Gartner Warns Agentic AI Will Accelerate Account Takeovers
German gambling giant Merkur exposed the data of over 1 million customers
Gmail & Outlook users need to watch out for Medusa ransomware
Government agencies face up to $96m recovery bills as ransomware hits record high
Hacked, leaked, exposed: Why you should never use stalkerware apps
Hacker breaks into AI crypto bot AIXBT’s dashboard to snatch 55 ETH
Hacker Exploits AI Crypto Bot AIXBT, Steals 55 ETH
Hacker Weaponizing Hard Disk Image Files To Deliver VenomRAT
Hackers are now going after crypto AI bots as well
Hackers claim Orange attack, threaten to leak 1TB of data
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
Hackers exploit zero-day flaw in Western Alliance Bank data breach
Hackers Hide VenomRAT Malware Inside Virtual Hard Disk Image File
Half a million people impacted by Pennsylvania State Education Association data breach
Hazel Hawkins Memorial Hospital discovers ransomware threat is a hoax
Here’s how to make your email resistant to ransomware attacks
Insights from the front: Cyber security arms race picks up
Julius Caesar Linked To 890,000 New Phishing Attacks
Lake Washington Vascular Notifies Over 21,000 People of Recent Data Breach
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
Linux Foundation's trust scorecards aim to battle rising open-source security threats
Malware campaign 'DollyWay' breached 20,000 WordPress sites
‘Massive spike’ in phishing-as-a-service attacks in 2025
Moving beyond checkbox security for true resilience
New Arcane infostealer infects YouTube, Discord users via game cheats
New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure’
New Zealand Computer Emergency Response Team (CERT NZ) Warns of Critical Apache Tomcat Vulnerability (CVE-2025-24813) Under Active Exploitation
Overconfidence in cybersecurity increases risks for organizations
Pennsylvania education union data breach hit 500,000 people
Phishing attack targets nearly 12,000 GitHub repositories with fake security alerts
Phishing-based attacks have risen 140% year-over-year
Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK
Ransomware Gang Claims Breach of Telecom Giant Orange
Ransomware Top Predicted Cybersecurity Threat for 2025
Researchers name several countries as potential Paragon spyware customers
Researchers name six countries as likely customers of Paragon’s spyware
Researchers Use AI Jailbreak on Top LLMs to Create Chrome Infostealer
Residents' comments on Buckinghamshire Council planning applications removed after 'data breach'
Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters
Scareware Combined With Phishing in Attacks Targeting macOS Users
Serious HTTP Bug Leaves Apple’s Passwords Users Vulnerable to Phishing Attacks
Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge
Sophisticated crypto address poisoning scams drain $1.2M in March
SpyCloud’s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats
Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk?
Targeted Microsoft 365 Tenants: Attackers Exploit Billing Emails for Phishing
The sixth sense for cyber defense: Multimodal AI
These 10 weak passwords can leave you vulnerable to remote desktop attacks
Threat Actor Claims to Have 2 Million Stolen Credit Card Records
Threat Actor Sells Alleged South African and Angolan Government Emails
Toll road text scam tricks users into revealing payment details
Top 10 Passwords Hackers Use to Breach RDP – Is Yours at Risk?
Trump admin’s removal of Democratic Federal Trade Commission (FTC) commissioners could shift its privacy efforts
Ukraine’s IT Army keeps up attacks on Russia despite waning media hype
Ukrainian military targeted in new Signal spear-phishing attacks
US Sperm Donor Giant California Cryobank Hit by Data Breach
US teachers’ union says hackers stole sensitive personal data on over 500,000 members
Western Alliance Bank confirms data breach affecting over 21,000 customers
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
Windows Shortcut Flaw Exploited by 11 State-Sponsored Groups
Zero Trust’s Reality Check: Addressing Implementation Challenges
18th March
1 in 3 security leaders say AI will make ransomware a greater threat
$20 Billion loss estimated from potential March Madness hacks
AI crypto bot AIXBT lost $100,000 worth of ETH after hacker gained unauthorized 'dashboard access'
American Civil Liberties Union of Rhode Island, Rhode Island Public Transit Authority (RIPTA), UnitedHealthcare New England move toward settlement in data breach lawsuit
Another Day, Another 216,000 Social Security Numbers Stolen From an Accounting Firm
Apple has revealed a Passwords app vulnerability that lasted for months
Apple’s Passwords app was vulnerable to phishing attacks for nearly three months after launch
Ascom affected by cyber attack
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
Bitdefender reveals grim milestone in ransomware history
BlackBasta Ransomware Ties to Russian Authorities Uncovered
Blockchain gaming platform WEMIX hacked to steal $6.1 million
Buckinghamshire Council reports data breach on planning site
China identifies Taiwanese hackers allegedly behind cyberattacks and espionage
China Names Four Hackers of Taiwan’s Cyber Army Targeting Beijing Critical Infrastructure
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
CISOs Lack Visibility Into Flaws, Fear Ransomware the Most
Critical AMI MegaRAC bug can let attackers hijack, brick servers
Data Breach Allegedly Hits PTS News Website, Millions of Records Claimed Stolen
Data Breach Hits California Cryobank
DeepSeek created Chrome infostealer without hesitation, company remains silent
Developer breaks Akira ransomware encryption in hours using cloud GPUs
Extortion Reboot: Ransomware Crew Threatens Leak to Snowden
Fake DeepSeek AI Installers, Websites, and Apps Spreading Malware
FBI Warns Michigan Gmail & Outlook Users Of Ransomware Scheme
Flashpoint report highlights rising cyberthreats, with infostealers and ransomware leading the way
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Free file converter sites and tools deliver malware
GitHub Action hack likely led to another in cascading supply chain attack
GPUs Tapped For Akira Ransomware Encryption
Grede Holdings Sends Out Round of Data Breach Letters Following January 2025 Cybersecurity Incident
Hackers claim they’ve breached Orange and have “very detailed” information
Hackers know half of passwords entered online, Cloudflare finds
Hackers target AI and crypto as software supply chain risks grow
How a researcher with no malware-coding skills tricked AI into creating Chrome infostealers
How AI agents help hackers steal your confidential data - and what to do about it
How financial institutions can minimize their attack surface
How phishing attacks are hitting the supply chain – and how to fight back
How to guard against a vicious Medusa ransomware attack - before it's too late
Inside A Cyberattack: How Hackers Steal Data
Large-Scale Malicious App Campaign Bypassing Android Security
Lloyds Bank accidentally leaks customer data due to human error
Malicious Android 'Vapor' apps on Google Play installed 60 million times
Medusa ransomware: CISA issues email security warning
Medusa Ransomware Surge: 60 Victims in 3 Months - Are You Next?
Microsoft identifies new RAT targeting cryptocurrency wallets and more
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
Municipalities in four states are struggling with cyberattacks limiting services
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
New Report Highlights Common Passwords in RDP Attacks
New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
New trojan can spy, steal crypto and mask itself to avoid detection
New Windows zero-day exploited by 11 state hacking groups since 2017
Orange purportedly compromised by Babuk ransomware gang
Over 16.8 Billion Records Exposed as Data Breaches Increase 6%
Over 50 U.S. schools impacted in retirement service provider breach
Over 320K Medicare applications exposed, revealing patients’ health data
“Pay me or I tell Snowden:” are cybercriminals getting more desperate?
Phishing attacks and data breaches biggest threats for consumers
Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers
RansomHub using FakeUpdates scheme to attack government sector
Scammers Sneak 300+ Ad Fraud Apps onto Google Play with 60 Million Downloads
Security Researcher Proves GenAI Tools Can Develop Google Chrome Infostealers
Sperm donation giant California Cryobank warns of a data breach
Stealthy StilachiRAT steals data, may enable lateral movement
Take These Steps Now to Protect Your Data From Medusa Ransomware
Third of UK Supply Chain Relies on “Chinese Military” Companies
Threat Actor Claims Access to UAE Power Company’s Network
Threat Actor Claims to Possess 10GB of Stolen Login Credentials
U.S. Agencies Warn on Medusa Ransomware
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
Western Alliance Bank notifies 21,899 customers of data breach
Western Alliance Bank says nearly 22,000 impacted by file transfer software breach
Western Alliance Bank says October cyber attack impacted 22,000 customers
17th March
£1 Million Lost as UK Social Media and Email Account Hacks Skyrocket
AI Module Security Flaws in Drupal: MyCERT Urges Immediate Patching
AI-supported spear phishing threatens APAC e-commerce
All your Alexa recordings will go to the cloud soon, as Amazon sunsets Echo privacy
Alleged LockBit developer extradited to the US
Amazon’s Controversial Change to Echo’s Privacy Settings Takes Effect Soon
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
As Medusa Ransomware Attack Surges, FBI Issues Critical Warning to Gmail & Outlook Users
Automated brute forcing tool leveraged in Black Basta ransomware intrusions
BlackLock Ransomware Hacked 40+ Organizations Within Two Months
BlackLock Ransomware Strikes Over 40 Organizations in Just Two Months
Brydens Lawyers investigating cyber incident that compromised client data
Bumble heightens safety measures with new ID verification feature
Chinese threat actor resided in US electric grid for almost one year
Coinbase users received mass-phishing emails from scammers over the weekend
Critical RCE flaw in Apache Tomcat actively exploited in attacks
Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds
Customers of “China‘s Amazon” had their passwords stolen, hackers say
Cyber ransomware: A growing threat in the digital age
Cyberattacks on Major Consumer Brands in 2024: Key Takeaways
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
Cybersecurity Officials Warn Against Potentially Costly Medusa Ransomware Attacks
DeepSeek can develop malware, cyber experts are sharing the risks
Department of Government Efficiency (DOGE) staffer violated Treasury rules by emailing unencrypted personal data
Do you use Gmail or Outlook? FBI, CISA issue warning about Medusa ransomware
Don’t Take the Bait: Coinbase & Gemini Exchange Users Targeted by Phishing Attack
FBI and CISA warn of a new wave of ransomware attacks
FBI has a ‘hacker’ warning for Gmail, Microsoft Outlook users
FBI issues national security warning to Gmail, Outlook email users
FBI Issues urgent warning: Secure your Gmail against rising ransomware & hacking threats
FBI Issues Warning: Scammers Target Gmail and Outlook Users with Deceptive Ransom Demands
FBI issues warning to Gmail, Outlook users about recent ransomware attacks
FBI Sounds Alarm on Medusa Ransomware Cyberattack: Here's How Organizations Can Protect Themselves
FBI Warning Issued for Medusa Threat: Everything You Need to Know
FBI warns Gmail, Outlook, and VPN users as Medusa ransomware attacks escalate
FBI, CISA Issue Warning To Gmail, Outlook And VPN Users About Medusa Ransomware Scheme
FBI, CISA Sound Alarm on Medusa Ransomware Surge
February 2025 reports record spike in ransomware attacks
Fog ransomware group claims a major data theft from radiology firm UDMI's systems
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
GitHub project maintainers targeted with fake security alert
GitHub restores code following malicious changes to tj-actions tool
Gmail Users Get Urgent Warning From FBI As Hackers Spread Ransomware Attack
Google may also have received a Technical Capabilities Notice (TCN) from the UK government
Hackers are exploiting Fortinet firewall bugs to plant ransomware
Hackers claim major Chinese online shopping platform Taobao
Hackers claim they’ve breached Orange and have “very detailed” information
Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week
Hackers exploit fake audio issues to spread malware in virtual meetings
Here’s how to win the ransomware battle
How Economic Headwinds Influence the Ransomware Ecosystem
Identities of 12 million people in France potentially leaked in cyberattack: how to protect yourself
Indian CERT Flags Severe Vulnerabilities in Rising Technosoft Software
Infosys agrees to pay US$17.5 Million in data breach settlement
Investigation launched into Fakenham council's data breach
It's been 3 weeks. Cleveland Municipal Court is still not back to normal after cyber attack
Jaguar Land Rover Breached by HELLCAT Ransomware Group using Jira Credentials
Jaguar Land Rover Hit by HELLCAT Ransomware Using Stolen Jira Credentials
Lehigh Valley Health Network Agrees to Pay $65 Million Class Action Settlement to Patients after Ransomware Attack
LockBit ransomware developer extradited to the US
LockBit ransomware developer extradited to the USA
Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos
Mandatory Cyber Extortion Reporting: Why We Need It Now
Medusa Ransomware Hits Critical Infrastructure
Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware
Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory
Merkur Information Leak Raises Concern Over Data Protection
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Microsoft 365 environments exploited in business email attacks
'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January
New Akira Ransomware Decryptor Leans on Nvidia GPU Power
New decryptor targets Akira ransomware with GPU technology for Linux systems
New Phishing Scam Targets Coinbase, Gemini Users, Urging Transition to Self-Custody Wallets
New RAT malware used for crypto theft, reconnaissance
OKX Suspends DEX Aggregator After Lazarus Hack Attempt
OKX suspends DEX aggregator after Lazarus hackers try to launder funds
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
OpenAI's AI Agent Exploitable in Phishing
Over 120,000 patients impacted in Florida hospital data breach
Phishing and data leaks: the biggest digital threats
Phishing campaign attacks 12,000 GitHub users with rogue OAuth app
Phishing campaign targets 12,000 GitHub repositories with fake security alerts
Ransomware hits record high, Australia among top targets
Researcher releases free GPU-Based decryptor for Linux Akira ransomware
Researchers Confirm BlackLock as Eldorado Rebrand
Rise in Phishing Attacks Fuels Growth in Passwordless Security
Scammers Impersonate Cl0p Ransomware in Fake Extortion Schemes
Scammers Pose as Cl0p Ransomware to Send Fake Extortion Letters
Secret-printing code, phishing attempts flagged on GitHub
Security Database Aims to Empower Non-Profits
SingCERT Alerts Public on Fraudulent Emails Impersonating Cyber Security Agency of Singapore (CSA) and Singapore Police Force (SPF)
SocGholish Exploits Compromised Websites to Deliver RansomHub Ransomware
SocGholish Leveraging Compromised Websites To Deploy RansomHub Ransomware
Sperm bank California Cryobank confirms data breach
StilachiRAT Exploits Chrome for Crypto Wallets and Credentials
Supply chain attack on popular GitHub Action exposes CI/CD secrets
Tata Technologies Hit by 1.4TB Data Breach; Ransomware Gang Demands Ransom for 730,000 Files
Temu’s sister company allegedly hit by ransomware, 700 Million users at risk
Texas man faces prison for activating ‘kill switch’ on former employer’s network
TFE hotels group suffers severe operational disruption following a cyber attack
Threat actors rapidly exploit new Apache Tomcat flaw following PoC release
TikTok rolls out a ‘Security Checkup’ tool to help users secure their accounts
Tj-actions Supply Chain Attack Exposes 23,000 Organizations
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
Upstate school district remains offline after data breach
US extradites alleged LockBit developer
US Legislators Demand Transparency in Apple's UK Backdoor Court Fight
Warning! FBI Alerts Gmail, Outlook Users of Sneaky New Hacker Trick
Weirdest Threat Group Names: The Funny, Scary and Just Plain Weird
Why SharpRhino Malware is Leaving Victims Thunderstruck
Widespread Coinbase phishing attack uncovered