Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 7th April and 13th April 2025.13th April
Chinese eCrime Hacker Group Attacking Users in 120+ Coutries to Steal Banking Credentials
Chrome 136 fixes 20-year browser history privacy risk
Cyber attack on Indian Air Force (IAF) aircraft involved in Myanmar quake relief operation
Cybercriminals are Targeting Binance Users With a New Phishing SMS Scam
HelloKitty Ransomware Resurfaced Targeting Windows, Linux, & ESXi Environments
Immutable storage is the best defense against ransomware: What it is and how it works
NASCAR Under Siege: Medusa Gang’s $4 Million Ransom Threatens Sports Giant
Over 130 Ransomware Attacks Every Minute as 33 Cyber Gangs Hit More Than 15 Industries Around the World
RansomHub Ransomware Group Compromised 84 Organization, New Groups Emerging
Tycoon 2FA Phishing Kit Employs New Evasion Techniques to Bypass Endpoint Detection Systems
Why Europe’s healthcare sector must build resilience to fight the threat of ransomware
12th April
201,617 Customer Records Allegedly from TheLotter Australia Found on BreachForums
AI-hallucinated code dependencies become new supply chain risk
Bank of America Discloses Data Breach After Customers’ Documents Disappear, Says Names, Addresses, Account Information and Social Security Numbers Affected
Debt collection company ScoreControl poorly protected customer data
Hacker claims major WooCommerce data breach
Hacker-proofing smart implants
Hackers Exploiting Domain Controller to Deploy Ransomware Using RDP
Hamilton: City was warned three years earlier about the risk of a cyber attack
HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments
Over one million impacted as laboratory service declares serious data breach
RansomHub Ransomware Group Hits 84 Organizations as New Threat Actors Emerge
RansomHub Ransomware-as-a-service Facing Internal Conflict as Affiliates Lost Access to Chat Portals
Ransomware Paralyzes IKEA Operator in EU
Sapphire Werewolf Enhances Toolkit With New Amethyst Stealer to Attack Energy Companies
Thailand Data Watchdog Investigates Bangchak Customer Data Breach
Tycoon2FA phishing kit targets Microsoft 365 with new tricks
United Airlines Flight Attendants Targeted with Fake Sites to Steal Salary
11th April
30% of charities experienced cybersecurity breaches or attacks last year
100,000+ WordPress Sites at Risk as SureTriggers Exploit Goes Live
Accounting giant Wolters Kluwer allegedly hit by data breach, threatening Fortune 500 firms
AI amplifies cyber threat; non-human identities at risk
AI-powered AkiraBot spams over 80,000 websites
AI-Powered Tax Scams Surge Amid Growing Sophistication of Cyber Threats
BentoML Vulnerability Allows Remote Code Execution on AI Servers
Black Basta-like Microsoft Teams phishing leads to novel backdoor
Black Friday IKEA ransomware attack cost company millions
Breach of American aircraft parts maker leaves thousands exposed
Charlton Athletic hit by 'cyber attack' in August
China secretly acknowledges Volt Typhoon attacks on US infrastructure: why?
Coloradans Should Watch for ‘Text/Email From Their Bank’ Scam
Cyber Attack Impacting Oregon Environmental Department
Cyber attack on Salus Group impacted members' personal information
Cyber breaches fall to 43% of UK businesses, but cybercrime remains high
Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems
Data breach at Dutch ministries caused by incorrect document uploading
Data exfiltration overtakes ransomware attacks in South Africa
Email phishing scam hides the link in a PDF to infect your computer
Ethical hacker intercepts $2.6M in Morpho Labs exploit
Foreign adversaries can no longer use commercial backdoors to access Americans’ data
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Hacker forum "Cracked" is back online foiling FBI take down
Hackers accessed 150,000 emails from a government agency
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices
Hackers target Atomic and Exodus crypto wallets as supply chain risks grow
Hackers tried to sell Pembina Trails School Division student, staff info on dark web
How cybercriminals are using AI to power up ransomware attacks
Industrial sector experienced more than 1,400 ransomware attacks in 2024, study finds
Initial Access Brokers Shift Tactics, Selling More for Less
Initial access brokers target mid-sized businesses for ransomware
Inside the UK Government's Cyber Security Breaches Survey
iOS devices face twice the phishing attacks of Android
Ireland: Young Ferrybank man jailed for phishing scam
Ireland’s data regulator investigates X’s use of European user data to train Grok
IT worker faces jail for anti-Islam cyber attack on WiFi at London train stations
Judge unlikely to allow expert testimony for NSO as jury decides damages in WhatsApp case
Lab provider for Planned Parenthood discloses breach affecting 1.6 million people
Laboratory Services Cooperative Data Breach - 1.6 Million People Impacted
Laboratory Services Cooperative data breach impacts 1.6 Million People
Laboratory Services Cooperative Data Breach Impacts 1.6 Million Planned Parenthood Patients
Large language models to become prime hacker targets
MarineMax settles data breach class action lawsuit for over $1 million
Meta whistleblower tells Senate that Zuckerberg offered Americans’ data to China
Microsoft Defender will isolate undiscovered endpoints to block attacks
Moroccan Hacking Group 'Atlas Lion' Abuses Cloud Systems to Steal Gift Cards
Morocco investigates major data breach allegedly by Algerian hackers
Mr. Beast sues insider threat who stole thousands of sensitive company files
National Vulnerability Database (NVD) Revamps Operations as Vulnerability Reporting Surges
Nepal: Cyber bureau warns internet users of rising cases of phishing
New Phishing Cyberattack Targets Spotify Users, Steals Credit Card Information
One Exploit, $2.6 Million Lost: MorphoBlue Hack Rattles DeFi Markets
Oracle Provides Case Study In How NOT To Handle A Data Breach
Oracle says "obsolete servers" hacked, denies cloud breach
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 - and experts warn it’s lowering the barrier of entry for amateur hackers
'Phishing, smishing and brushing': USPS warns against scams following uptick in mail crimes
Planned Parenthood lab suffers data breach exposing 1.6 million people
Qilin takes credit for SK Group compromise
QuickBooks Phishing Campaign Targets Taxpayers
Ransomware attack cost IKEA operator in Eastern Europe $23 million
Ransomware attack disrupts operations at Sensata Technologies
Ransomware attack on IKEA operator costs €20 million
Ransomware attack on printing vendor exposes customer data at DBS and Bank of China
Ransomware criminals hammering UK more than ever as British techies complain the board just doesn't get it
Ransomware groups push negotiations to new levels of uncertainty
Ransomware Hackers Target Active Directory Domain Controllers
Ransomware negotiation: Does it work, and should you try it?
Ransomware Reaches A Record High, But Payouts Are Dwindling
Ransomware surge: Sensata Technologies, US state agencies targeted in widespread cyber incidents
Ransomware Surges as Third-Party Risks Expand Cyber Threat Landscape
Remote Access Tools Behind 4 of 5 Ransomware Attacks in 2024; Supply Chain-Driven Cyber Claims up 43%
Remote access tools most frequently targeted as ransomware entry points
Researchers warn about ‘Goffee’ spilling onto Russian flash drives
Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
SaaS Security Essentials: Reducing Risks in Cloud Applications
Sensata Technologies Breached: Ransomware Attacked Key Systems
Sensata Technologies Hacked – Ransomware Attack Disrupts Operations
Shetland Islands: No action taken against Shetland Islands Council (SIC) over Stuart Hill data breach
South African telecom Cell C confirms a RansomHouse ransomware attack
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
St. Louis University reaches settlement with patients involved in data breach
Thailand and Malaysia Ramp Up Financial Cybersecurity Amid Escalating Threats
The whale, the hack and the psychological earthquake that hit HEX
Top 5 Priorities for Cybersecurity Leaders Today
Türkiye files charges against hacker ring over theft of 101 Million personal records
Tycoon 2FA Phishing Kit Uses Advanced Evasion Techniques to Bypass Endpoint Detection Systems
U.S. banking regulator confirms a major hacking of employee email accounts
UK cyber breach survey reveals boards deprioritising security
Ukraine has only restored half of railway services following cyber attack
US lab testing provider exposed health data of 1.6 million people
Western Sydney University discloses security breaches, data leak
Why remote work is a security minefield (and what you can do about it)
Why security culture is crypto’s strongest asset
10th April
64% of Australian Organizations Hit by Ransomware Were Forced to Halt Operations
10,000 students impacted by new Western Sydney University (WSU) data breach
AI Bot Akira Evades CAPTCHA, Spams 80,000 Websites in Major Cyber Attack
AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites
AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
Ban ransomware payments? UK pitches new cyber rules
Bank of China and DBS confirms data breach through compromised printing partner
Berkshire Hathaway's NetJets detects data breach involving employee account
Beware the Tax Trap: Seasonal Urgency Drives a Spike in Tax-Related Phishing Scams
CatB Ransomware Abuses Microsoft Distributed Transaction Coordinator for Stealthy Payload Execution
CatB Ransomware Leveraging Microsoft Distributed Transaction Coordinator to Execute its Payload
China-based SMS Phishing Triad Pivots to Banks
Crypto-stealing malware found on SourceForge.net, too
Cyber-attack on Morocco’s CNSS: Initial Review of Leaked Documents Reveals Many are False, Inaccurate or Distorted
Cybersecurity company alarmed by ease of scam creation with Lovable website builder
Cybersecurity Firms Report Record-Breaking Quarter for Ransomware Attacks
DBS Bank and Bank of China impacted in third party vendor data breach
Department for Education (DfE) alerted to more than 50 school ransomware attacks in past three years
Domain controllers pose threat in ransomware attacks, Microsoft warns
Dual Reports Highlight Manufacturing as Leading Ransomware Target
EisnerAmper Sends Data Breach Letters Following 2023 Security Incident
Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
Extensive WooCommerce data breach claimed
First quarter of 2025 sets record for ransomware attacks and threat groups
Flaws and breaches plague DNA-testing services
Former University of Kentucky athlete victim of data breach by ex-Michigan football coach Matt Weiss
FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)
Four in 10 UK businesses hit by cyber attack or breach in the last year
From likes to leaks: How social media presence impacts corporate security
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
Hackers add email verification to hide phishing from researchers
Hackers Claim WooCommerce Breach Exposing 4.4 Million Customer Records
Hackers exploit WordPress plugin auth bypass hours after disclosure
Halifax and Metro Bank customers are the most at risk of phishing scams, according to new study
How Banking Trojan Grandoreiro is Evolving Tactics To Attack Victims in LATAM
How to find out if your AI vendor is a security risk
How to Recover Stolen Cryptocurrency with Proven Methods
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Institute of Mass Information receives phishing emails from hackers affiliated with Russian intelligence
Lookout’s Annual Threat Landscape Report Reveals iOS Devices Are Exposed to Twice as Many Phishing Attacks Compared to Android
Lovable AI most likely to be harnessed in phishing
Major data breach affects multiple Dutch ministries, impact still unclear
Major data breach at Australian university exposes the personal details of up to 10,000 students as terrifying post emerges on dark web
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
Moroccan cybercrime group Atlas Lion hiding in plain sight during attacks on retailers
Morocco investigates cyber attack that leaked data of nearly 2 million people
New research identifies, analyzes an email bombing attack
North Korea becomes the world’s third-largest Bitcoin holder thanks to the activities of the hacker group Lazarus
npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers
Number of ransomware victims increases 102 percent
Operation Endgame Continues with Smokeloader Customer Arrests
Operations of Sensor Giant Sensata Disrupted by Ransomware Attack
Oracle confirms data breach via outdated servers, denies cloud breach
Oracle still denying confirmed data breach
Oregon’s environmental agency shuts down network after cyberattack
Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024
Pembina Trails ransomware fallout widens
Phishing kits and ‘Phishing-as-a-Service’ fuelling surge in data theft
Precision-Validated Phishing Expands Attack Precision and Evasion
Private photos of users from these 5 dating apps exposed to hackers: How it happened
Qilin Member Gives Two Days to South Korean Company SK Group for Ransom Payment
RansomHub RaaS in Disarray After Affiliate Chat Access Suddenly Revoked
Ransomware attack disrupts Sensata’s operations
Ransomware attack on Gooding County impacted residents' personal information
Ransomware gangs go whale hunting with Fortune 500 companies
Ransomware Groups Attacking Organizations to Exfiltrate Data & Blackmail via Leak Site Posts
Record-breaking ransomware attack prevalence in Q1 accompanied by declining payouts
Remote access behind 80% of ransomware attacks
Remote Access Tools Behind 4 of 5 Ransomware Attacks in 2024; Supply Chain-Driven Cyber Claims up 43%
Rethinking security for ransomware as a service
Russian APT Hackers Using Device Code Phishing Technique to Bypass MFA
Russian hackers attack Western military mission using malicious drive
Russian Threat Actor Launches Spear-Phishing Campaign Against Ukrainians
Security Alert: Companies Abandon VPNs as Ransomware Threats Surge 82%
Security concerns as almost a third of senior managers are not confident in their organisation’s ability to prevent a data breach
Sensata Technologies hit by ransomware attack impacting operations
Sensata Technologies’ operations disrupted by ransomware attack
Sensitive PII of millions leaked in historic Moroccan data breach
SK Group claimed by Qilin ransomware gang, 1TB stolen files
Smokeloader Users Identified and Arrested in Operation Endgame
Sophisticated credential exfiltrating phishing kits with real-time validation emerge
South Africa: Updated POPIA compliance - data breach reporting must be online
South African telecom provider serving 7.7 million confirms data leak following cyberattack
SpyNote Malware Targets Android Users with Fake Google Play Pages
Sweeping SMB site targeting conducted by novel AkiraBot spamming tool
Tainted drive appears to be source of malware attack on Western military mission in Ukraine
Targeted phishing gets a new hook with real-time email validation
UK businesses are still getting hacked, but they are becoming smarter
Ukraine's railways restore half of IT services hit by cyber attack so far
US businesses are the top target for ransomware in 2025 so far
US sensor giant Sensata admits ransomware derailed operations
US to sign Pall Mall pact aimed at countering spyware abuses
Western Sydney University apologises as data of 10,000 students accessed in targeted cyber attack
Western Sydney University apologises as thousands of university students have personal information leaked in cyber attack
Western Sydney University data breach impacts 10,000 students
Who Is Medusa Ransomware? Meet the Infamous Cyber Threat Behind NASCAR’s Leaked $4 Million Worth Nightmare
Why Codefinger represents a new stage in the evolution of ransomware
Why defensive AI alone is not enough: the crucial role of a strong security culture
Windows Common Log File System (CLFS) Flaw Being Actively Exploited by Ransomware Group
WordPress becoming an increasingly interesting target for hackers
Your Bank’s Data Could Be for Sale - Hacker Offers Full CRM Access for Rs 25,000
9th April
$4 Million Ransom Deadline Approaches as NASCAR Remains Quiet on Alleged Ransomware Attack
5 Reasons Why You Should Use a Password Manager
5 simple ways to regain your data privacy online - starting today
5 ways to avoid spyware disguised as legit apps - before it's too late
17,000,000 GrubHub passwords and other data exposed, hackers claim
200 million social media records leaked in major X data breach
348 million Discord messages are allegedly up for sale
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows
Algerian hackers leak sensitive data from Morocco's CNSS and Ministry of Employment
As spyware market continues to expand, diplomatic Pall Mall Process hits a pivot point
Black Basta chat log leaks show structure and discipline, claims research
Booking.com Phishing Scam Targets Hotel Staff, Puts Guest Data at Risk
Can AI Help Protect Passwords from Hackers?
Cell C alerts users after confirming data breach
Cell C confirms customer data leak after ransomware claim
Cell C confirms data breach, warns users to remain vigilant
CentreStack RCE exploited as zero-day to breach file sharing servers
CERT-In Flags Info Disclosure Flaw in TP-Link Tapo H200 Smart Hub
CISA and Experts Warn of Active Attacks on CrushFTP Vulnerability as Ransomware Gang Issues Threats
CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
Court document reveals locations of WhatsApp victims targeted by NSO spyware
Critical FortiSwitch flaw lets hackers change admin passwords remotely
Cyberattack delays convicted murderer’s case
Cybersecurity experts share how AI could enhance tax-related scams
Data privacy regulators lobby lawmakers to not draft federal legislation preempting state laws
DBS Bank and Bank of China customer records compromised in ransomware attack
DBS, Bank of China (BOC) Customer Data Stolen in Ransomware Attack
EU nations sign "Pall Mall" pact on intrusive spyware use, US nowhere in sight
Everest ransomware gang's dark web leak site hacked and taken offline
Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
FBI and INTERPOL investigate Oracle Health data breach
First quarter of 2025 sees record numbers of ransomware attacks
Germany links cyberattack on research group to Russian state-backed hackers
Global Cybersecurity Agencies Warn of Spyware Targeting Uyghur, Tibetan, and Taiwanese Communities
Governments identify dozens of Android apps bundled with spyware
Grandoreiro Strikes Again: Geofenced Phishing Attacks Target LATAM
Hacker Claims WooCommerce Data Breach, Selling 4 Million User Records
Hackers Claim Magento Breach via Third-Party, Leak CRM Data of 700K Users
Hackers exploit zero-day Common Log File System vulnerability to plant ransomware
Hackers Had Access to 150,000 Emails in U.S. Treasury Email Breach
Hackers target Server-Side Request Forgery (SSRF) bugs in EC2-hosted sites to steal AWS credentials
Hellcat Ransomware Updated It’s Arsenal to Attack Government, Education, and Energy Sectors
Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors
Hi-School Pharmacy Agrees to Settle Data Breach Lawsuit for $600,000
How cyberattackers exploit domain controllers using ransomware
How to prevent and protect against ransomware
How websites misused cookie banners: sometimes, they made them impossible to refuse
How Worried Are Brits About AI-Fuelled Phishing?
Immutable backup storage is the best defense against ransomware
Industrial tech manufacturer Sensata says ransomware attack is impacting production
iOS privacy app can’t keep secrets – and spills user notes with passwords
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
MarineMax resolves data breach case with $1 million settlement
Microsoft Fixes Over 130 CVEs in April Patch Tuesday
Microsoft fixes zero-day flaw exploited by cybercrooks to elevate privileges
Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Microsoft Warns: Active Ransomware Attacks Target Windows Vulnerability (CVE-2025-29824)
Microsoft Warns Ransomware Actors Exploiting Windows Flaw
Moroccan Ministry Confirms Cyber Attack But Data Safe
NASCAR Allegedly Targeted by Medusa Ransomware Group in $4 Million Extortion Attempt
NASCAR Faces $4 Million Ransom Threat: Medusa Hackers Expose Critical Vulnerabilities
NASCAR faces crisis as ransomware threat looms over $4,000,000 ultimatum
NASCAR massive data breach claimed by Medusa ransomware, over 1TB allegedly stolen
NASCAR, others purportedly hacked by Medusa ransomware gang
National Cyber Security Centre (NCSC) shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups
National Cyber Security Centre (NCSC) Warns of Spyware Targeting Chinese and Taiwanese Diaspora
National Social Security Fund of Morocco Suffers Data Breach
NetJets says data breach impacted 'small number of owners'
New Adobe Security Update Fixes Critical Exploits - Don’t Delay Your Update
New AkiraBot Abuses OpenAI API to Spam Website Contact Forms
New Double-Edged Email Attack Steals Office 365 Credentials and Delivers Malware
New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue
Oracle Faces Mounting Criticism as It Notifies Customers of Hack
Oracle says "obsolete servers" hacked, denies cloud breach
Patch Tuesday comes with ransomware exploit and a fat Windows 10 delay
Phishing kits now vet victims in real-time before stealing credentials
Phishing threats and account takeover updates
Phishing, Deepfakes, and Social Engineering: The Growing Cyber Risks in Customer Interactions
Pilfered Jira credentials leveraged in HellCat ransomware attacks
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Police detains Smokeloader malware customers, seizes servers
Polish ruling party targeted in cyberattack ahead of presidential election
Precision-Validated Phishing Elevates Credential Theft Risks
RansomHub affiliates scramble amid apparent internal conflict
Ransomware Attacks Hit All-Time High as Payoffs Dwindle
Ransomware Attacks Reach New Record in March 2025
Ransomware Groups Target Organizations to Exfiltrate Data and Blackmail via Leak Site Posts
Ransomware Reaches Historic High in Q1
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)
Recent version of Neptune RAT is spreading, stealing credentials
Remote Code Execution & Privilege Escalation: Two New Threats in CISA’s Known Exploited Vulnerabilities (KEV)
Rights group calls on Thai government to end alleged cyberattacks against civil society
Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA
Scammers exploiting GetShared for phishing attacks
Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens
Schools IT provider strengthens security after data breach
Senator warns China could obtain Americans’ genetic data through 23andMe sale
Seoul Metro employee gets passenger off the hook in voice phishing scam
Singapore's DBS, Bank of China (BoC) customer data at risk after ransomware attack on vendor
The Cost of Ransomware: Shutdowns & Extortion
The Invisible Data Battle: How AI Became a Cybersec Professional’s Biggest Friend and Foe
Threat actors use smishing to leverage toll payment services
Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats
Transforming cybersecurity into a strategic business enabler
Ukraine's railways restore half of IT services hit by cyber attack so far
US bank regulator’s email system breached
US banking regulator reports on ‘major’ cyber incident involving senior officials’ emails
WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
Why CISOs are doubling down on cyber crisis simulations
Windows Common Log File System (CLFS) Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
Windows Common Log File System (CLFS) zero-day exploited in ransomware attacks
Windows PCs under threat from zero-day flaw used in ransomware attacks - update your computer right now
Windows under attack: 0-day vulnerability used by ransomware group
WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit
WK Kellogg confirms that it suffered a Cleo-related data breach
You'll never guess who's behind Musk-themed crypto scam
8th April
11 cyber defense tips to stay secure at work and home
300,000 vehicles and millions of trips exposed in fleet manager’s data leak
Amazon EC2 Simple Systems Manager (SSM) Agent Flaw Patched After Privilege Escalation via Path Traversal
An insight into Russian ‘mature’ and ‘complex’ hacker groups
Around 11,200 DBS & Bank of China customer accounts potentially compromised after ransomware attack on print vendor
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug
Boards Urged to Follow New Cyber Code of Practice
Cannabis firm LFTD Partners buys $350K worth of USDC, loses it to hackers
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
CISA Warns of CrushFTP Exploit Letting Attackers Bypass Authentication
CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Cyber attack on Food For The Poor impacted over 50,000 individuals
Cyberattack takes down Everest ransomware leak site
Cyberattacks on water and power utilities threaten public safety
Czech prime minister says his X account was hacked ‘from abroad’
DBS and Bank of China customer data exposed after ransomware attack on printing vendor
DBS & Bank of China customers’ info extracted in ransomware attack, no log-in details compromised
DBS and Bank of China suffer ransomware attack, over 11,000 customers' data compromised
EncryptHub plays dual role as cybercriminal and Windows researcher
Europcar confirms data breach following GitLab repository compromise
Europcar data breach compromises 200K customer data
Everest ransomware group’s Tor leak site offline after a defacement
Excessive agency in LLMs: The growing risk of unchecked autonomy
Fake Microsoft Office add-in tools push malware via SourceForge
Food for the Poor Data Breach Affects Personal Information of 52,286 People
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Google Releases April Android Update to Address Two Zero-Days
Hackers hacking hackers: Everest ransomware leak site defaced
Hackers lurked in Treasury OCC’s systems since June 2023 breach
Hackers on WhatsApp can spoof executables as images or other files
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
HellCat Ransomware Hits 4 Firms using Infostealer-Stolen Jira Credentials
Hong Kong: Government cyber office requests ‘urgent’ precautionary review amid reports of Oracle Cloud data breach
How ASEAN Nations Are Adopting AI and Zero Trust to Combat Cybercrime
Kelloggs Data Breach - Hackers Breached the Servers and Stole Data
LinkedIn Scams Exploit Professionals: Fake Mentors, Phishing Attempts, and Job Offers on the Rise
Massive Data Breach Hits Australian Super Funds! Hackers Use Stolen Passwords to Access Accounts
Massive Data Breach Hits DBS Singapore and Bank of China: Customer Info Exposed in Toppan Ransomware Attack
Medusa Ransomware claims credit for NASCAR hack, offers massive ransom
Medusa Ransomware Claims NASCAR Breach in Latest Attack
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
Morphing Meerkat: A Phishing-as-a-Service (PhaaS) Utilizing DNS Reconnaissance to Generate Targeted Phishing Pages
New Mirai botnet behind surge in TVT DVR exploitation
New York Attorney General penalizes Root insurance, requires data security enhancements following cyber attack
National Institute of Standards and Technology (NIST) Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog
Observability is security’s way back into the cloud conversation
Online Gaming Risks and How to Avoid Them
Oracle quietly confirms public cloud data breach, customer data stolen
Over 11,000 DBS and Bank of China Customers Affected by Ransomware Attack on Vendor
Pakistan: National Computer Emergency Response Team (NCERT) Issues Alert Over Phishing Campaign Impersonating PKCERT
Palm Coast man, known as 'King Bob,' pleads guilty in cryptocurrency and phishing scam
Phishing, fraud, and the financial sector’s crisis of trust
PoisonSeed campaign targets crypto users via bulk spam
Ransomware attack exposes customer data at DBS, Bank of China Singapore
Ransomware attack on printing vendor affects DBS and Bank of China customer data
Ransomware Group Actively Exploits Windows Common Log File System (CLFS) Zero-Day Vulnerability
Salus Group Confirms Data Breach Following October 2024 Cybersecurity Incident
Sarcoma ransomware gang claims hack of The ToolShed
Scattered Spider stops the Rickrolls, starts the RAT race
Singapore: More than 11,000 DBS, Bank of China customers’ information compromised after data attack on vendor
Singapore Banks Hit By Ransomware Data Breach
South Africa: The Information Regulator (InfoReg) takes data breach reporting online
The high-stakes world of Russian-speaking cybercriminals
The State Bar of Texas Suffered an INC Ransomware Data Breach That Leaked Sensitive Information
Third-party ransomware attack jeopardizes DBS Group, Bank of China Singapore data
Threat Actor Leaked Data from Major Bulletproof Hosting Medialand
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
UK’s Request to Keep Apple Privacy Case Secret Rejected
University of Maryland Medical Center (UMMC) facing class action lawsuit for enabling cyberstalking campaign
Up to 200,000 Europcar users affected in GitLab security breach
US food giant WK Kellogg confirms data breach linked to Cleo zero-day attacks
Vishing: The voice scam you need to know about
WhatsApp flaw can let attackers run malicious code on Windows PCs
WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files
Windows Common Log File System (CLFS) zero-day exploited by ransomware gang
WK Kellogg confirms Cleo attack-related breach
WK Kellogg confirms data breach amid Clop ransomware incidents
Xanthorox AI: New Automated Hacking Tool Surfaces on Hacker Forums
Zero-day bug used in ransomware attacks on US real estate firms
7th April
20-Year-Old Scattered Spider Hacker Pleads Guilty in Major Ransomware Case
20-Year-Old Scattered Spider Hacker Pleads Guilty Of Sophisticated Ransomware Attacks
23andMe Data Breach: A Wake-Up Call for Consumer Privacy and Corporate Accountability
90,000 Individuals Impacted by the 2024 Port of Seattle Ransomware Attack
AI Surpasses Elite Red Teams in Crafting Effective Spear Phishing Attacks
AI Turned My Face Into a Cartoon - Hackers Turned It Into a Weapon
AI-powered deepfakes fuel extortion wave in Vietnam
Alleged Data Breach Claims Surface Against Boulanger on Dark Web Forum
Alleged Data Breach Targets Yucatán Government Website
Almost 90K compromised in Port of Seattle ransomware attack
Apple appealing against UK 'back door' order
As the Tax Deadline Looms, Cybercriminals Ramp Up Phishing Attacks
Australian Organisations Urged to Patch Ivanti Products Amid Exploited RCE Vulnerability
Australian Pension Savers Hit with Wave of Credential Stuffing Attacks
Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams
Brothers Behind Rydox Dark Web Market Extradited to US
Cargills data breach: Bank warned of security lapses in 2024
CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
CISOs battle security platform fatigue
CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign
Darknet’s Xanthorox AI Offers Customizable Tools for Hackers
Data breach at Europcar: GitLab hack affects up to 200,000 customers
Data breach exposes Australian super fund accounts
DBS customer data may be compromised as vendor suffers ransomware attack
DBS, Bank of China Singapore customers' data extracted after printing vendor hit by ransomware attack
DBS’, Bank of China’s printing vendor hit by ransomware attack; more than 11,000 customers affected
DBS, Bank of China’s printing vendor hit by ransomware attack; over 11,000 customers’ data stolen
DeepSeek Breach Yet Again Sheds Light on Dangers of AI
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
Ethereum-inspired address poisoning attacks now occurring on bitcoin too
Europe preparing to ‘ease the burden’ of landmark data privacy law
Everest Ransomware Gang Leak Site Hacked and Defaced
Everest Ransomware Gang’s Leak Site Hacked and Defaced
Everest ransomware group’s darknet site offline following defacement
Everest ransomware's dark web leak site defaced, now offline
Evolve bank to pay $11.9 million in data breach settlement
Explaining AI's impact on ransomware attacks and security
Extremely dangerous malware spreading via YouTube: it comes with a password stealer
Fast Flux is the New Cyber Weapon - And It’s Hard to Stop, Warns CISA
FBI Warning - Stop These Calls On Your iPhone And Android Phone
Fidelity Life Files Notice of Data Breach Affecting Consumers’ Medical Information
Flaw in ESET security software used to spread malware from ToddyCat group
Food giant WK Kellogg discloses data breach linked to Clop ransomware
Global data breaches lead to nearly $4.5 million in average losses
Google and Facebook’s inaction fuels deepfake fraud
Google fixes Android zero-days exploited in attacks, 60 other flaws
Hackers are pretending to be drone companies and state agencies to spy on Ukrainian victims
Hamilton County Data Breach Also Affected City of Chattanooga, Tennessee
HellCat, Rey, and Grep Groups Dispute Claims in Orange and HighWire Press Cases
How to Keep Your Crypto Wallet Safe from Phishing Attacks
Human hacking: When cyber criminals target you
Kellogg discloses data breach, but it's not super cereal
Kent healthcare provider which suffered cyber attack says most issues now resolved
Leak site of ransomware gang Everest has been hacked
Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign
Malicious VSCode extensions infect Windows with cryptominers
Massive Europcar data breach affects around 200,000 customers
Massive PoisonSeed phishing campaign seeks extensive crypto theft
MGM Resorts reaches $45 million settlement with FTC over 2023 data breach
More than 11,000 DBS and Bank of China (BOC) customers' data potentially extracted after cyber attack on printing vendor
Mysterious Messages and Cyber Chaos: The Humbling Fall of the Everest Ransomware Titans
Neptune RAT Variant Spreads via YouTube to Steal Windows Passwords
New Black-Hat Automated Hacking Tool Xanthorox AI Advertised in Hacker Forums
Pennsylvania Teachers Union Members Sue After Cyberattack Exposes Personal Data
Phishing in cybersecurity: A persistent threat
Phishing scheme costs Jefferson Parish Sheriff’s Office more than $1 million
Phishing, smishing and vishing: could you spot the signs of these common scams?
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
PoisonSeed targets Mailchimp, Mailgun, and Zoho to phish high-value accounts
Port of Seattle notifies 90,000 people about data breach
Port of Seattle Notifies Individuals Affected by August 2024 Data Breach
Port of Seattle ransomware breach exposes data on around 90,000 people
Port of Seattle Says 90,000 People Impacted by Ransomware Attack
Ransomware Trends: The Most Notable Attacks of the Last Six Months
Ransomware Underground Faces Declining Relevance
Rhysida ransomware behind major Port of Seattle data breach
Scammers are exploiting tax season panic with convincing new email traps
Scattered Spider member pleads guilty to identity theft, wire fraud charges
Singapore: DBS clients’ data at risk after Toppan Next Tech ransomware attack
Singapore: Joint Monetary Authority of Singapore (MAS)-Cyber Security Agency of Singapore (CSA) media release on Ransomware Attack on Toppan Next Tech
Singapore's DBS, Bank of China customer data at risk after ransomware attack on vendor
Six arrested for AI-powered investment scams that stole $20 million
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK
Someone hacked ransomware gang Everest’s leak site
SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections
Suspected Scattered Spider Hacker Pleads Guilty
The shift to identity-first security and why it matters
Threat Actor Claims to Leak 600K Records from Spanish Robinson Database
Threat Actors Weaponize Windows Screensavers Files to Deliver Malware
Twilio denies claims of SendGrid breach amid hacker allegations and data leak
U.S. Toll Text Scam Skyrockets: Tips to Dodge Phishing
UK court lifts secrecy veil, confirms Apple is suing British government over ‘backdoor’ request
UK Data Regulator Fines NHS Services Software Provider Over $3 Million for 2022 Ransomware Attack
UK’s demand for Apple backdoor should not be heard in secret, says court
Ukrainian military innovation hubs have been under attack by ransomware programs since early February
Upgraded Phishing-as-a-Service Platform Drives a Wave of Smishing Attacks
US E-ZPass Toll Payment Systems Phishing Attempts Surge Again
Vodafone Urges UK Cybersecurity Policy Reforms as SME Cyber-Attack Costs Reach £3.4bn
Widespread cyber attack exposes superannuation system weaknesses
WinRAR Mark of the Web (MotW) bypass flaw fixed, update ASAP (CVE-2025-31334)
WK Kellogg Confirms Employee Information Leaked as a Result of Cleo Data Breach
Xanthorox AI Surfaces on Dark Web as Full Spectrum Hacking Assistant