Welcome to DBD. On March 8th, DBD celebrated it's 5th anniversary and 
Dentons Senior Analyst, Washington DC
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 5th May and 11th May 2025.13th May
AI vs AI: How cybersecurity pros can use criminals’ tools against them
Alabama: Potential data breach hits state systems; investigation ongoing
Alabama says ‘cybersecurity event’ could disrupt state government services
Alleged Breach of Everest Bank Customer Database
Apple Device Users Can File Claims in $95 Million Siri Spying Settlement
Australia’s Data Breach Reporting Numbers Highest in Half a Decade
Banking update glitch allowed users to view each other’s accounts
Black Kite Releases 2025 Ransomware Report, Revealing 123% Increase in Ransomware Attacks Over Two Years
Breaking down silos in cybersecurity
British supermarkets almost empty for a week after cyber attack
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
Chinese-speaking hackers disrupt drone supply chains in Taiwan, researchers say
Co-op was hit by hackers aligned with Kremlin’s agenda, researchers believe
Co-op working “around the clock” to resolve issues caused by cyber attack
Crypto-stealing malware now found on AI content generators
Curve Finance warns users of DNS hijack in second cyber attack this month
Customer data stolen in cyber attack, Marks and Spencer (M&S) confirms
Cyber attack disrupts Edinburgh school networks
Cyber-attack on the GlobalX Airline which was confined by Hackers
Cyber experts issue urgent advice to Marks & Spencer (M&S) customers after data breach
Dior confirms China data breach
DoppelPaymer ransomware suspect arrested
DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
EU launches vulnerability database to tackle cybersecurity threats
EU Vulnerability Database Officially Launches Amid CVE Program Concerns
European Vulnerability Database Launches Amid US CVE Chaos
Europol busts up criminal organzation operating fake online trading platform
Forget software, researcher develops proof of concept ransomware that infects CPU
Fortinet fixes critical zero-day exploited in FortiVoice attacks
Hacker hype vs. real risks: Inside the true scale of India-Pakistan cyber clash
Hackers exploit SK Telecom incident, impersonate Korea Consumer Agency with phishing scams
Hong Kong Science and Technology Parks (HKSTP) Drug Safety Testing Center hit by ransomware attack
How did M&S and Co-Op become victims of a cyber attack?
iClicker Website Hacked with Fake CAPTCHA in ClickFix Attack
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)
Ivanti fixes EPMM zero-days chained in code execution attacks
Ivanti warns of critical Neurons for ITSM auth bypass flaw
JPGs: New Ransomware Trick Bypasses Antivirus Detection
Leaked LockBit chats reveal how professional ransomware group operates
LPL Financial Drops Data-Breach Defamation Suit Against Ameriprise
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Marks & Spencer (M&S): FTSE 100 shares rise after major cyber attack update
Marks & Spencer (M&S) admits customer data was stolen by hackers in cyber attack
Marks & Spencer (M&S) admits customer data was stolen in cyber attack
Marks & Spencer Claims Customer Data Taken In Cyberattack
Marks & Spencer confirms consumer data stolen in cyber attack
Marks & Spencer (M&S) Confirms Customer Data Breach After Cyber-attack
Marks & Spencer confirms customer data stolen in cyber attack
Marks & Spencer (M&S) Confirms Customer Data Stolen in Cyber-Attack
Marks & Spencer confirms customer data stolen in cyberattack
Marks & Spencer confirms customers’ personal data was stolen in hack
Marks & Spencer (M&S) confirms customers' personal information was stolen during cyber attack
Marks & Spencer confirms some personal customer data was compromised in cyber-attack
Marks & Spencer (M&S) customer data stolen amid ongoing cyber attack
Marks & Spencer (M&S) customers' data was stolen in cyber attack
Marks & Spencer (M&S) cyber attack: Personal customer data stolen by hackers
Marks & Spencer (M&S) cyber attack: What data has been stolen? How long will the attack last?
Marks & Spencer issue major update in wake of cyber attack that has crippled high street giant
Marks & Spencer issues warning to customers after cyber attack
Marks & Spencer reveals customer data taken by hackers after cyber attack
Marks & Spencer (M&S) reveals customers’ personal information was STOLEN in major cyber attack update
Marks & Spencer (M&S) reveals hackers accessed customer data, including names, addresses and phone numbers
Marks & Spencer (M&S) says customer data stolen in cyber attack
Marks & Spencer (M&S) says customers' personal data taken by hackers
Marks & Spencer Says Data Stolen in Ransomware Attack
Marks & Spencer (M&S) says some personal data was taken in cyber-attack
Marks and Spencer confirms customer data was stolen in Easter cyber attack
Marks and Spencer Cyber Attack Exposes Customer Data
Marks and Spencer cyber attack saga takes another twist as retailer admits customer data stolen
Marks and Spencer (M&S) cyber attack update as bosses warn customer information was stolen
Marks and Spencer Group (M&S) reveals personal customer data stolen during cyber attack
Marks and Spencer (M&S) issue 'important update' to customers following cyber attack
Marks and Spencer (M&S) issues cyber attack update as it confirms customer data was stolen
Marks and Spencer (M&S) says customer data stolen in cyberattack, forces password resets
Marks and Spencer says customer data was stolen in cyber attack
Marks and Spencer says customers' information stolen in cyber attack
Marks and Spencer (M&S) urges all customers to make one change after cyber attack exposes data
Meet the 7 Pakistani Hacker Groups That Tried to Breach India - and Failed Miserably
Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws
Moldovan Police Arrest Key Suspect in €4.5 Million International Ransomware Case
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies
Netgain Technology Agrees to $1.9 Million Settlement to Resolve Data Breach Litigation
New Intel CPU flaws leak sensitive data from privileged memory
New VMware Tools Vulnerability Allows Attackers to Tamper with Virtual Machines, Broadcom Issues Urgent Patch
North Korean cyber spies hack Ukraine to measure Russia’s war needs
North Korean hackers target Ukrainian government in new espionage campaign
North Korean hackers, Konni APT, are targeting Ukraine
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
Nova Scotia Power is still not giving details about the cyber attack against the company
Pakistani hackers attacked 1.5 million-plus Indian websites after Operation Sindoor: Failure rate, names of 7 Pakistani hacker groups; techniques used and more
Personal data stolen in Marks & Spencer cyber-attack
PrepHero-Linked Database Exposed Data of 3 Million Students and Coaches
RansomHub tops Group-IB’s 2025 list of most prolific cybercriminal groups
Ransomware attack costs $2M for Lee Enterprises
Ransomware surge sees hackers demand up to USD $8.6 million
Ransomware Wreaks Havoc on Businesses Struggling to Bolster Digital Security Measures
Roblox Lawsuit Claims Hidden Tracking Used to Monetize Kids Data
SIM Swap Hacker Faces 2-Year Sentence for SEC X Account Hack
South Korean researchers uncover another cyber-espionage campaign from the North
Suspect arrested with links to €4.5M DoppelPaymer ransomware attacks
Suspected Dutch research agency attacker busted in Moldova
The Co-op, M&S, Harrods...You? Mitigating the Risk of Ransomware
Turkey-Aligned Hackers Targeted Iraq-Based Kurds with Zero-Day Exploit
Turkish Cyber Espionage Campaign Leverages Zero-Day in Output Messenger
Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers
UK Considers New Enterprise IoT Security Law
UK's Marks and Spencer (M&S) says customer data was taken in cyberattack
US extradites Kosovo national charged in operating illegal online marketplace
VMware Tools vulnerability enables hackers to tamper with virtual machines
Was my data stolen in Marks and Spencer (M&S) cyber attack and when will it be back online?
What Every Business Needs To Know About Multi-Factor Authentication
What we know as Marks & Spencer (M&S) hackers steal customer data
Why do we still fall for phishing?
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)
Zoom Fixes High-Risk Flaw in Latest Update
12th May - International Anti-Ransomware Day
10 Years of Ransomware-as-a-Service (RaaS) and the Making of a Billion-Dollar Business
23 Million New Credentials Leaked Online - What You Need To Know
161,359 Americans Warned Data Breach May Have Exposed Names, Social Security Numbers, Financial Records and More
A hacker is demanding money to keep your kids’ data safe. It won’t work
Abergavenny and Chepstow affected in job centre data breach last year
AI is giving phishing attacks an edge – here’s how to fight back
AI is Supercharging a Ransomware Boom
Airline carrying out deportation flights confirms cyberattack to Securities and Exchange Commission (SEC)
Allegedly Stolen Data from Brazilian Nuclear Company Nuclep Offered for Sale
Andy Frain Services breach exposes data of over 100,000 people
Anonymous Hackers Steal Flight Data from US Deportation Airline GlobalX
Ascension data breach exposes information of over 430,000 patients
ASUS DriverHub flaw let malicious sites run commands with admin rights
ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
Avoiding double ransomware extortion and the price of one
Breaking Down Ransomware Encryption: Key Strategies, Algorithms and Implementation Trends
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors
Council 'cannot say' when system will be fully back after cyberattack
CPU microcode hack could infect processors with ransomware directly
Criminal Proxy Network Infects Thousands of IoT Devices
Crypto wallet maker Ledger regains control of Discord after phishing attack
CVE-2024-26809: Critical nftables Vulnerability in Linux Kernel Could Lead to Root Access
Cyber attack: People 'turning up at farms' as Machynlleth Co-op shelves remain bare
Cyber attack disrupts South African Airways operations
Cyber resilience urged as ransomware costs hit AUD $3 billion
Cyber Security and Resilience Bill: going beyond compliance
Cyber Threat Escalates: PowerSchool Cybercriminal Returns to Extort Individual Schools Months After Massive Data Breach Purportedly Resolved
Cyber threat trends: a CISO guide to emerging risks
Cybercriminals Hide Undetectable Ransomware Inside JPG Images
Cybersecurity’s Early Warning System: How Live Network Traffic Analysis Detects The ‘Shock Wave’ Before the Breach ‘Tsunami’
'Dance of the Hillary': Intelligence agencies warn of massive cyber attack through social media
Data Exfiltration is the New Ransomware in Evolving Cyber Landscape
DaVita sued after data breach allegedly exposed 20TB of dialysis patient info
DBS Bank Introduces Mobile Wallet Toggle to Help Prevent Phishing-Linked Fraud
DBS Bank Introduces New “Mobile Wallets” Security Feature to Further Protect Customers From Phishing Frauds
Despite drop in cyber claims, Business Email Compromise (BEC) keeps going strong
DOGE Big Balls ransomware returns with updated payloads
EU Launches Free Entry-Level Cyber Training Program
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
FakeUpdates, Remcos, AgentTesla Top Malware Charts in Stealth Attack Surge
FBI, Amsterdam police dismantle global cybercrime ring using hacked routers
Fears 'hackers still in the system' leave Co-op shelves running empty across UK
Federal Trade Commission (FTC) delays easy click-to-cancel, hints the rule may be weakened
Firewall Rule Bloat: The Problem and How AI can Solve it
Five new reasons not to pay ransoms
FreeDrain Phishing Scam Drains Crypto Hobbyists' Wallets
German Police Shutter “eXch” Money Laundering Service
Google hit with landmark $1.375 billion privacy settlement in Texas
Google to pay $1.375 billion to settle Texas data privacy violations
Google to pay Texas nearly $1.4 billion over alleged data privacy violations
Growing use of AI increases cyber security threat to critical infrastructure
Hacker on international wanted list detained in Moldova
Hackers Arrested for Ransomware Attacks on Dutch Firms, Causing €4.5 Million in Damages
Hackers Leverage JPG Images to Execute Fully Undetectable Ransomware
Hackers now testing ClickFix attacks against Linux targets
Hackers Target Ledger’s Discord Server with Phishing Attack that Extracts User’s Seed Phrases
Hacktivist Attacks on India Overstated Amid APT36 Espionage Threat
“Hello pervert” sextortion scam: how not to react
Henry County finds phishing scam behind sheriff’s missing pay
How ransomware became big business
iHeartMedia faces class action lawsuit over delayed notification in December 2024 data breach
India: Beware of phishing scams, fake news and malicious links
Insight Partners breach exposes staff and partner data
International Anti-Ransomware Day 2025: Cyber leaders call for resilience against rising ransomware threats
Japanese Account Hijackers Make $2 Billion+ of Illegal Trades
Kimsuky Hacker Group Employs New Phishing Tactics & Malware Infections
KnowBe4 Predicts Agentic AI Ransomware Is Imminent on International Anti-Ransomware Day
Law enforcement takes down proxy botnets used by criminals
Ledger Recovers Discord Server After Phishing Scam Hits Moderator
Ledger secures Discord after hacker bot tried to steal seed phrases
Ledger Shuts Down Discord Server After Phishing Bot Targets Crypto Users
Lee Enterprises spent $2M for ransomware recovery
LockBit Ransomware Group Got Hacked
LockBit ransomware hacked, data on affiliates leaked
Major Retail Chains Suffer Data Breaches Amid Rising Cyber Threats to Consumer Trust
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals
Marks & Spencer (M&S) and Co-op: What we know weeks after cyber attacks
Massive Alleged Steam Data Breach Results in Over 89 Million Records for Sale
Memphis-Shelby County Schools (MSCS) files suit against software company after data breach leaked info to hackers
Memphis-Shelby County Schools (MSCS) sues over PowerSchool hack, says 500,000 students had personal information accessed
Memphis-Shelby County Schools (MSCS) sues PowerSchool for data breach, court docs show
Microsoft spots zero-day use in spy campaign against Kurdish military in Iraq
Mobile Threat Management in 2025: What Enterprise Security Teams Miss
Moldova arrests suspect in ransomware attacks targeting Dutch firms
Moldova arrests suspect linked to DoppelPaymer ransomware attacks
More Organizations Are Using Software-Based Pentesting
New Phishing Attack Abusing Blob URLs to Bypass Secure Email Gateways (SEGs) and Evade Analysis
New SEO Poisoning Campaign Targeting IT Admins With Malware
Nitrogen Ransomware Exploits Antirootkit Driver File to Disable AV & EDR Tools
Nonprofits: 11 Crucial Steps To Take After A Data Breach Or Cyberattack
Output Messenger flaw exploited as zero-day in espionage attacks
Phishing Campaign Uses Blob URLs to Bypass Email Security and Avoid Detection
PowerSchool Attackers Extorting Teachers, Security Leaders Respond
Proof-of-Concept (PoC) of CPU-level ransomware attack raises alarm
Ransomware Can Attack Your CPU, Not Just Your OS: How to Be Prepared
Ransomware can now run directly on the CPU, researcher warns
Ransomware groups continue to cause havoc, despite disruptions
Rocky View Schools issues updated advisory with regard to PowerSchool data breach
Rounding Up the DNS Traces of RA World Ransomware
Russia’s aviation personnel's health data leaked en masse
Russian hacker claims UK has 'no idea' how to launch cyber attack on Putin's country
Scotland: Criminal investigation launched into cyber attack on schools
Scotland: Students attended school on weekend after centres hit by phishing attack
Sheffield: Co-op shoppers met with empty shelves due to devastating cyber-attack
SK Telecom (SKT) uncertain about financial impact of data breach
South Korea: Data breach triggers shift to eSIMs, boosting device innovation
Tennessee Attorney General’s Consumer Protection Division warns Tennesseans of phishing toll scams
Texas Attorney General Paxton Takes on Google - and Wins $1.375 Billion in Privacy Case
The Evolution of AI in Phishing Attacks
The Persistence Problem: Why Exposed Credentials Remain Unfixed - and How to Change That
This Microsoft 365 phishing campaign can bypass MFA - here's what we know
Thousands of Edinburgh Pupils Attend School on Saturday After Phishing Attack
Thousands of Node developers compromised by malware in popular npm packages
Threat actors target Brazil execs in phishing campaign
Türkiye-linked Hackers Exploit Output Messenger Zero-Day in Targeted Espionage Campaign
UEFI Ransomware Is So Last Year, Now It’s CPU Ransomware We Need To Worry About
UN Introduces New Cyber-attack Assessment Framework
UNC3944 (Scattered Spider) slows down but remains a threat
Unending ransomware attacks are a symptom, not the sickness
Upgraded crypto wallet drainer Inferno stole $9m in six months
US prosecutors recommend 2 years for Securities and Exchange Commission (SEC) hacker
Why security teams cannot rely solely on AI guardrails
You think ransomware is bad now? Wait until it infects CPUs
Your old router could be a security threat - here's why and what to do
Your password manager is under attack: How to defend yourself against a new threat
Zero Trust in the Age of Digital Transformation: The New Cybersecurity Paradigm
