All news with #data leak tag

Weekly Recap: Chrome 0-day, AI Threats, and Supply Chain Risk

🔒 This week's recap highlights rapid attacker innovation and urgent remediation: Google patched an actively exploited Chrome zero-day (CVE-2025-10585), while researchers demonstrated a DDR5 RowHammer variant that undermines TRR protections. Dual-use AI tooling and model namespace reuse risks surfaced alongside widespread supply-chain and phishing disruptions. Defenders should prioritize patching, harden model dependencies, and monitor for stealthy loaders.

Leaked Documents Reveal Business of Chinese Surveillance

🔍 Leaked documents reveal how Chinese companies build and sell censorship, surveillance, and propaganda systems, showing that firms such as Geedge work with universities, tailor offerings to different government clients, and even reuse competitors’ infrastructure. The account draws clear parallels with Western vendors that began as academic projects and commercialized via government contracts. These disclosures complicate the image of a purely top-down Great Firewall, highlighting corporate incentives and market dynamics behind tools of control.

Ransomware Still Evades Defenses Despite Protections

🔒 Picus Security's Blue Report 2025 shows ransomware continues to outpace defenses: overall prevention fell from 69% to 62% year-over-year, while data exfiltration prevention collapsed to just 3%. Both established families (BlackByte, BabLock, Maori) and emerging strains (FAUST, Valak, Magniber) bypass controls using credential theft, fileless techniques and staged execution. Picus recommends continuous Breach and Attack Simulation (BAS) to validate controls, deliver actionable fixes, and provide measurable evidence of readiness.

Ransomware Extortion Claim Targets BMW Group Servers

🔒 The BMW Group has been named on the darknet by the Everest ransomware group, which claims to have stolen critical BMW audit documents, according to screenshots reported by Cybernews. The gang placed two countdown timers on its onion site—one running to Sept. 14 and a second giving BMW 48 hours to make contact. BMW has not commented and the extortionists have not confirmed whether customer or personal data were taken; Cybernews researcher Aras Nazarovas advises waiting for a published sample to assess the scope.

Russia and China Target Germany's Economy: Survey Findings

🔍 A representative Bitkom survey of 1,002 German companies finds nearly three in four report rising attacks, estimating combined damage at €289 billion. 87% of executives said their organization experienced at least one attack in the past 12 months; 28% now suspect foreign intelligence involvement. Respondents most often pointed to China and Russia (46% each). Insurers report AI-generated false claims, prompting firms and authorities to adopt more holistic, AI-assisted defenses.

US Citizen Charged in Vastaamo Psychotherapy Data Extortion

🔒 Finnish prosecutors have charged 28-year-old US citizen Daniel Lee Newhard, an Estonia resident, with aiding and abetting the extortion tied to the notorious 2018 Vastaamo psychotherapy breach. Authorities say IP logs connected extortion infrastructure to an Estonian internet connection and to the suspect’s home address; Newhard denies the allegations. This development follows earlier convictions and ongoing appeals related to the broader Vastaamo scandal.

UK Arrests Two Teens Linked to Scattered Spider Hacks

🔒 UK law enforcement has arrested two teenagers allegedly tied to the Scattered Spider hacking group over an August 2024 cyberattack on Transport for London (TfL). Nineteen-year-old Thalha Jubair and 18-year-old Owen Flowers were detained; authorities say Jubair faces U.S. charges for dozens of intrusions, extortion and money laundering while Flowers faces additional charges linked to U.S. healthcare targets. Prosecutors allege the group extorted at least $115 million in ransoms and that law enforcement previously seized roughly $36 million in cryptocurrency tied to Jubair.

Top Dark Web Monitoring Tools for Threat Detection

🔎 The article explains why Dark Web monitoring is essential for CISOs and security teams, focusing on the discovery of leaked credentials, sensitive corporate data, and brand-abuse used in fraud and phishing. It profiles ten leading solutions and contrasts commercial Digital Risk Protection services with open-source intelligence platforms. The piece emphasizes integration with XDR/MDR, API access, takedown capabilities, and VIP and supply‑chain monitoring to prioritize responses and reduce business risk.

US and UK Charge Two Suspects in Scattered Spider Attacks

🔒 US and UK authorities have charged two UK-based teenagers linked to the Scattered Spider cybercrime group in connection with multiple high-profile intrusions. Thalha Jubair, 19, and Owen Flowers, 18, face US and UK charges including conspiracy to commit computer fraud, wire fraud, money laundering and offences under the UK Computer Misuse Act. Authorities allege extensive social engineering, ransomware extortion and transfers of victim cryptocurrency, with investigators attributing at least $115m in ransom payments to the group. The arrests follow a multinational probe and earlier detentions of other alleged members.

New York Blood Center Breach Exposes 194,000 Records

🔒 The New York Blood Center (NYBCe) confirmed that an unauthorized party accessed internal systems between January 20 and January 26, 2025, and copied files containing personal and health information for nearly 194,000 individuals. Compromised data includes names, Social Security numbers, driver's license or state ID numbers, bank account details for direct deposit, and health/test records. NYBCe says it moved quickly to contain the incident, is offering free identity protection through Experian, and has set up a call line for potentially affected people.

UK Arrests Teens Linked to Scattered Spider TfL Hack

🚨 Two teenagers have been arrested in the UK on suspicion of involvement in the August 2024 cyberattack against Transport for London; authorities say the suspects are believed to be members of the Scattered Spider collective. The National Crime Agency is prosecuting both on computer misuse and fraud-related charges, while U.S. prosecutors also filed charges against one suspect tied to multiple intrusions and extortion schemes. TfL reported that the breach disrupted internal systems and later confirmed customer data, including names and contact details, was compromised, causing operational disruption and financial losses.

SonicWall Urges Password Resets After Backup Files Exposure

🔒 SonicWall is urging customers to reset credentials after detecting suspicious activity that exposed firewall configuration backup files stored in MySonicWall cloud for under 5% of users. Although stored credentials were encrypted, the preference files contained information that could help attackers exploit related firewalls; the company says this was a series of brute-force accesses, not a ransomware event. Customers should verify backups, disable remote management and VPN access, reset passwords and TOTPs, review logs, and import the provided randomized preferences file that resets local passwords, TOTP bindings, and IPSec keys.

SonicWall: Cloud Backup Compromise Impacts 5% of Base

🔒 SonicWall has disclosed a security incident affecting its cloud backup service for firewalls, reporting that threat actors accessed stored preference files for roughly 5% of its install base. While credentials inside those files are encrypted, exposed metadata such as serial numbers could enable future targeting. SonicWall said this was not a ransomware event but a series of brute-force attempts. Impacted customers are asked to check MySonicWall, restrict WAN access, follow the vendor's remediation checklist, and import a supplied preferences file that randomizes local passwords and IPSec keys.

Zscaler ThreatLabz: Global Ransomware Surge 2024–2025

🔒 Zscaler's annual ThreatLabz Ransomware Report (April 2024–April 2025) warns of a marked rise in extortion-focused attacks: incidents increased 146% year-over-year while exfiltrated data grew 92%. The vendor attributes this to a strategic shift from pure encryption to data theft and public shaming, with criminals using stolen files as leverage. Researchers also report that generative AI is increasingly incorporated into attackers' playbooks to enable more targeted and efficient campaigns. The U.S. accounted for half of all recorded attacks, Germany saw a nearly 75% rise and is the EU's most affected country, and the most-targeted sectors were manufacturing, technology and healthcare.

Insight Partners Discloses 2024 Ransomware Breach Impacting

🔒 Insight Partners disclosed a ransomware attack that occurred around 25 October 2024 but was first detected on 16 January 2025. The firm says a sophisticated social engineering attack enabled a threat actor to exfiltrate data and encrypt servers before being expelled the same day. About 12,657 individuals may be affected; the firm offers free identity-theft protection and urges password resets and MFA.

Protecting SMBs From Ransomware: Trends and Defenses

🔒 Small and medium-sized businesses are increasingly targeted by ransomware gangs that exploit weak defenses, offer Ransomware-as-a-Service, and adapt tactics with AI-driven tools. RaaS industrialization and discoveries like ESET's PromptLock demonstrate how attackers can scale reconnaissance, exploitation and social engineering. SMBs face double-extortion, DDoS and coercive pressures while repeat payments remain an issue despite a decline in aggregate crypto payouts. Practical defenses—Zero Trust, timely patching, reliable backups, EDR/MDR and tested incident response—can materially reduce risk.

NCA to Lead Five Eyes Effort Against 'The Com' Networks

🔒 The UK's National Crime Agency will chair the Five Eyes Law Enforcement Group (FELEG) and concentrate on disrupting cybercrime, money laundering and online sexual abuse of children over the next two years. The NCA singled out loosely affiliated native-English networks known as 'The Com', which operate across messaging apps, gaming platforms and forums and share violent and child-abuse material. It also linked these groups to data-theft and extortion campaigns involving actors such as Scattered Spider, ShinyHunters and Lapsus$, citing incidents affecting retailers and luxury brands. FELEG has promoted the UK's Counter Terrorism Policing to full member status to strengthen responses to hybrid threats.

Pompompurin Resentenced: BreachForums Creator Jailed

🔒 Conor Brian Fitzpatrick, known online as "Pompompurin", has been resentenced to three years in prison after a U.S. appeals court overturned his earlier lenient term. He created and administered the notorious BreachForums, a marketplace for stolen data and hacking tools, and was arrested after the Department of Justice disrupted the site. Fitzpatrick had violated pretrial release conditions and pleaded guilty to hacking charges and possession of child sexual abuse material; the forum remains active under a new domain.

Brute-force Attacks Target SonicWall Cloud Backups

🔒 SonicWall warned that brute-force attacks against its firewall API used for cloud backups may have exposed preference files stored in customers' MySonicWall.com portals. The vendor has disabled the cloud backup capability and is urging admins to restrict or disable SSLVPN and Web/SSH management over the WAN, then reset passwords, keys, and secrets. Less than 5% of the install base had backups in the cloud, but that could still affect thousands of organizations. SonicWall has provided remediation guidance and will notify customers if their accounts show impacted serial numbers.

ShinyHunters Claims 1.5B Salesforce Records Stolen via Drift

🔒 The ShinyHunters extortion group claims they stole approximately 1.5 billion Salesforce records from 760 companies by abusing compromised Salesloft Drift and Drift Email OAuth tokens exposed in a Salesloft GitHub breach. The attackers reportedly accessed Account, Contact, Case, Opportunity, and User tables and searched exfiltrated data for secrets to pivot further. Google/Mandiant and the FBI are tracking the activity as UNC6040/UNC6395, and Salesforce urges customers to enable MFA, enforce least privilege, and manage connected apps carefully.