Attack vector: Phishing campaign lobs malicious SVG attachments at Ukrainian government email addresses www.databreachtoday.com/phishing-cam...

Three companies - Flo Health, Google and Flurry - have each agreed to shell out millions to fund a nearly $60M settlement of a proposed class action lawsuit accusing Flo of using tracking codes that shared info with Google and Flurry without their consent. www.databreachtoday.com/google-flo-h...

Weekly Cryptohack Roundup: —PGI head pleads guilty to scam —Scattered Spider hacker breached Crypto[.]com employee account —Royal Canadian Mounted Police seize CA$56 million from TradeOgre —Eurojust coordinates op to stop €100 million euro crypto fraud www.databreachtoday.com/cryptohack-r...

Weekly data breach roundup: —China Chopper hackers hit U.S. federal agency —U.S. Department of Homeland Security leaves high-value system unsecured —Interpol helps seize $439 million in a global crackdown —Stellantis discloses breach www.databreachtoday.com/breach-round...

Man arrested in England as police probe ransomware attack that's disrupted multiple European airports that use check-in and boarding software known as Muse, developed by Collins Aerospace, a subsidiary of RTX Corporation, formerly Raytheon Technologies. www.databreachtoday.com/suspected-co...

Unexpected new use for AI: Hackers behind a phishing campaign appear to have used artificial intelligence-generated code to hide malware behind a wall of overly complex and useless code. www.databreachtoday.com/hackers-obfu...

Stuck in limbo: Extradition from UK to US of alleged RaidForums admin www.databreachtoday.com/us-extraditi...

Things that continue to elude scientific observation: the Loch Ness Monster, Bigfoot and the ransomware hacker who voluntarily chose retirement. www.databreachtoday.com/blogs/volunt...

Two clinics notify 700,000 patients of alleged BianLian ransomware hack attacks www.databreachtoday.com/2-clinics-no...

European airport outages: Ransomware behind disruption of U.S.-based Collins Aerospace's Muse software, says the EU's cybersecurity agency www.databreachtoday.com/ransomware-b...

BBC West Midlands Radio is devoting its entire breakfast show to reporting on the Jaguar Land rover cyber attack today. Incredible to hear about the enormous impact it's having on local people who rely on the plant for direct and indirect employment. www.bbc.co.uk/sounds/play/...

Teenage Scattered Spider suspect arrested in Las Vegas. The male juvenile has been tied to hack attacks against MGM Resorts and Caesars Entertainment www.databreachtoday.com/teenage-scat...

Russian nation-state hackers join forces to target Ukraine, as researchers spot first-ever malware tie-up between the FSB's Turla and Gamaredon cyberespionage and hacking groups. www.govinfosecurity.com/russian-nati...

FBI leadership is pushing back against scrutiny over cyber cuts and cyber vacancies, as the FBI's director claims that 'supremely qualified' but unnamed leaders have replaced cyber officials who have left, retired or reportedly been fired. www.databreachtoday.com/fbi-pushes-b...

CrowdStrike buys Pangea for $260M to guard enterprise AI use www.databreachtoday.com/crowdstrike-...

Call the (security) doctor: Study finds 1.2 million medical devices exposed on internet www.databreachtoday.com/interviews/s...

Weekly Cryptohack Roundup: —US sanctions Iran shadow banking network —Nemo blames $2.6M exploit on developer errors, weak governance —THORChain founder hacked —Denver court rules pastor's $3.3M project a fraud —NYDFS tells banks to use blockchain analytics www.databreachtoday.com/cryptohack-r...

Weekly Data Breach Roundup —Microsoft hit RaccoonO365 —Outages persist at Colt Technology Services —Finland charges U.S. citizen over psychotherapy center hack —RevengeHotels hackers used AI —Breached: Prosper, Gucci, Alexander McQueen, Balenciaga www.databreachtoday.com/breach-round...

Bootstrapped device posture management startup Remedio secures $65m to tackle patch and vulnerability gaps www.databreachtoday.com/remedio-secu...

Scattered Spider sting: 2 English teens charged with attacks www.databreachtoday.com/scattered-sp...

Let AI do the shopping, says Google, as it debuts its "agent payments protocol," which creates a framework for AI-driven purchases. www.databreachtoday.com/let-ai-do-sh...

NASA and Google testing AI 'doctor in a box' for space missions www.databreachtoday.com/interviews/n...

ShinyHunters counts 1.5 billion stolen Salesforce records, after group reportedly scanned Salesloft's source code on GitHub, recovered OAuth tokens www.databreachtoday.com/shinyhunters...

What's old is new again as Iranian hackers exploit macros www.databreachtoday.com/whats-old-ne...

An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has called one of the most severe JavaScript supply-chain attacks ever seen. www.databreachtoday.com/shai-hulud-b...

Rural healthcare alert in the USA: Under Trump's tax and spending law, the nation's 1,800 rural hospitals over the next 10 years could lose between $137 billion and $155 billion in Medicaid funding, posing IT and security concerns. www.databreachtoday.com/hhs-offers-5...

Delayed: The U.S. cybersecurity agency's new cyber incident reporting rule for critical infrastructure operators. www.databreachtoday.com/cisa-delays-...

Resentenced: Original BreachForums admin Conor Brian Fitzpatrick now given a 3-year prison sentence, after judge in January 2024 originally sentenced him to 17 days' worth of time served in jail and two decades of supervised release. www.databreachtoday.com/original-bre...

Scattered Spider tied to fresh attacks on financial services, undercutting the group's recent 'going dark' retirement claims. www.bankinfosecurity.com/scattered-sp...

Say hello to "SlopAds" fraud, so called because it relies on Android apps that a low-quality sheen indicative of content churned out by gen AI. www.databreachtoday.com/slopads-frau...

Vietnam probes breach of credit agency run by central bank, after cybercrime group ShinyHunters advertises 160 million stolen records www.bankinfosecurity.com/vietnam-prob...

Researchers spot copycat version of the infamous Petya/NotPetya malware that they've dub "HybridPetya." Not clear yet if it's in the wild or not. www.databreachtoday.com/hybridpetya-...

Data breach (recent) roundup: —Vidar infostealer = badder than ever —BlackDB admin pleads guilty —Akira ransomware hackers hack —Cursor flaw let hackers run code —Kazakhstan state oil company KazMunayGas denies hack —Wealthsimple and Hello Gym breached www.databreachtoday.com/breach-round...

Incident response lessons: Here's what blocks in-progress ransomware attacks the best www.databreachtoday.com/heres-what-b...

Attack that started with hack of Salesloft Drift's GitHub repository claims new victims in Tenable and Qualys www.databreachtoday.com/salesloft-dr...

Free the password, dude: Medical cannabis firm sued over health data exposure www.databreachtoday.com/medical-cann...

Burger King wants to have its way online by forcing a security researcher into taking down a blog post detailing security flaws allowing hackers to remotely eavesdrop on drive-through orders and access employees' personal information. www.databreachtoday.com/burger-king-...

Trump continues push for AI in schools as FTC probes risks chatbots pose to children's mental health www.databreachtoday.com/trump-contin...

The latest ISMG Editor' Panel probes: the Pentagon, Microsoft and Chinese Workers; other software supply chain risks; Cato's AI security buy. www.databreachtoday.com/ismg-editors...

Coding with AI assistants delivers faster performance but bigger flaws, necessitating robust security reviews of AI-generated code, study warns www.databreachtoday.com/coding-ai-as...

Agentic AI payments pose fresh fraud risks www.databreachtoday.com/another-risk...

Washington races to renew a critical cyber-threat sharing law, weeks before it expires www.databreachtoday.com/washington-r...

Sitecore warns that attackers exploited a now-patched zero-day vulnerability in the popular content management system that powers websites for companies including HSBC, L’Oréal, Toyota and United Airlines. www.databreachtoday.com/attackers-ex...

Sextortion risk alert sounded: Free, open source infostealer adds ability to grab webcam images when triggered by NSFW words displayed in browser www.databreachtoday.com/sextortion-r...

AI project stall-out: After billions of dollars in spending, 95% of enterprise projects never make it past pilots, MIT researchers have found. www.databreachtoday.com/most-ai-pilo...

Weekly Cryptohack Roundup —El Salvador splits its bitcoin reserve to mitigate quantum risks —Indian court jails cops over crypto kidnapping —Malvertising campaign hits Android users —Malware hides in npm packages using ethereum smart contracts for evasion www.databreachtoday.com/cryptohack-r...

Weekly Data Breach Roundup: —Teenage wasters behind Jaguar hack —Disney to settle U.S. child privacy case for $10 million —Texas sues PowerSchool —Spain scraps Huawei contract —PA AG confirms ransomware attack —Baltimore loses $1.5 million to BEC attack www.databreachtoday.com/breach-round...

European court preserves EU-US data privacy framework www.databreachtoday.com/eu-court-pre...

Hack of Dutch cancer screening lab is worse than first reported, as the count of victims balloons to 941,000 individuals www.databreachtoday.com/dutch-lab-ca...

Open to misuse: 1,000+ internet-connected servers running a tool that can deploy AI models locally www.databreachtoday.com/exposed-llm-...