All news with #data leak tag

npm Supply-Chain Worm 'Shai-Hulud' Compromises Packages

🛡️ CISA released an alert about a widespread software supply chain compromise affecting the npm registry: a self-replicating worm called 'Shai-Hulud' has compromised over 500 packages. The actor harvested GitHub Personal Access Tokens and cloud API keys for AWS, Google Cloud, and Azure, exfiltrating them to a public repository and using them to publish malicious package updates. CISA recommends immediate dependency reviews, credential rotation, enforcing phishing-resistant MFA, pinning package versions to releases before Sept. 16, 2025, hardening GitHub settings, and monitoring for anomalous outbound connections.

Stellantis Confirms Third-Party Cybersecurity Breach

🔒 Stellantis has confirmed unauthorized access to a third‑party service provider platform that supports its North American customer service operations. The group said affected customer information was potentially exposed but limited to contact details and did not include stored financial or other sensitive data. Stellantis activated incident response protocols, notified authorities and began informing impacted customers while warning them to expect phishing attempts. Security researchers and outlets linked the incident to claims by ShinyHunters and a recent series of Salesforce-related data breaches.

Jaguar Land Rover Extends Production Pause After Cyberattack

🚗 Jaguar Land Rover has extended a production shutdown until Wednesday 1 October 2025 after a major cyber incident that halted its Solihull, Halewood and Wolverhampton plants. The company said teams are working with cybersecurity specialists, the NCSC and law enforcement while it investigates, and warned the outage has already cost an estimated £120m in profits and £1.7bn in revenue. Unions have called for government-backed support for suppliers facing bankruptcy amid cascading supply-chain risk.

AAPB Fixes IDOR Bug That Exposed Restricted Media Files

🔒 A vulnerability in the American Archive of Public Broadcasting allowed protected and private media to be downloaded for years by abusing an IDOR flaw. A simple Tampermonkey script could alter media ID parameters in background fetch/XHR calls and bypass access controls, returning content instead of a '403 Forbidden'. The issue was reported to AAPB, confirmed by a spokesperson, and patched within 48 hours, but the full scope of prior access remains unknown.

Stellantis: Customer Contact Data Stolen in Salesforce Hack

🔒 Stellantis confirmed unauthorized access to a third-party platform supporting its North American customer service operations, and said attackers stole customer contact information. The company stated the compromised system did not contain financial or other sensitive personal data and that it activated incident response procedures and notified authorities. Reports link the incident to a broader wave of Salesforce-related intrusions claimed by ShinyHunters, and customers are being urged to watch for phishing attempts.

ComicForm and SectorJ149 Deploy FormBook via Phishing

🔒 Security researchers at F6 disclosed a phishing campaign by a previously undocumented group dubbed ComicForm that has been active since at least April 2025, targeting organizations in Belarus, Kazakhstan, and Russia. The attackers use RR archives containing Windows executables masquerading as PDFs to deploy an obfuscated .NET loader and a chain of DLLs culminating in the FormBook stealer. The malware creates scheduled tasks and adds Microsoft Defender exclusions, while some phishing sites mimic domestic document services and capture credentials by posting them to attacker-controlled domains.

SonicWall Advisory After MySonicWall Cloud Backup Incident

🔐 SonicWall released an advisory after identifying unauthorized access to a subset of customer cloud backup preference files stored via the MySonicWall portal. SonicWall’s investigation indicates a threat actor used brute force methods against MySonicWall.com to retrieve preference files that, while containing encrypted credentials, included other device-specific data that could enable access to SonicWall firewall devices. CISA urges customers to log into their accounts to verify exposures and to follow the advisory’s containment and remediation steps immediately.

Weekly Recap: Chrome 0-day, AI Threats, and Supply Chain Risk

🔒 This week's recap highlights rapid attacker innovation and urgent remediation: Google patched an actively exploited Chrome zero-day (CVE-2025-10585), while researchers demonstrated a DDR5 RowHammer variant that undermines TRR protections. Dual-use AI tooling and model namespace reuse risks surfaced alongside widespread supply-chain and phishing disruptions. Defenders should prioritize patching, harden model dependencies, and monitor for stealthy loaders.

Leaked Documents Reveal Business of Chinese Surveillance

🔍 Leaked documents reveal how Chinese companies build and sell censorship, surveillance, and propaganda systems, showing that firms such as Geedge work with universities, tailor offerings to different government clients, and even reuse competitors’ infrastructure. The account draws clear parallels with Western vendors that began as academic projects and commercialized via government contracts. These disclosures complicate the image of a purely top-down Great Firewall, highlighting corporate incentives and market dynamics behind tools of control.

Ransomware Still Evades Defenses Despite Protections

🔒 Picus Security's Blue Report 2025 shows ransomware continues to outpace defenses: overall prevention fell from 69% to 62% year-over-year, while data exfiltration prevention collapsed to just 3%. Both established families (BlackByte, BabLock, Maori) and emerging strains (FAUST, Valak, Magniber) bypass controls using credential theft, fileless techniques and staged execution. Picus recommends continuous Breach and Attack Simulation (BAS) to validate controls, deliver actionable fixes, and provide measurable evidence of readiness.

Ransomware Extortion Claim Targets BMW Group Servers

🔒 The BMW Group has been named on the darknet by the Everest ransomware group, which claims to have stolen critical BMW audit documents, according to screenshots reported by Cybernews. The gang placed two countdown timers on its onion site—one running to Sept. 14 and a second giving BMW 48 hours to make contact. BMW has not commented and the extortionists have not confirmed whether customer or personal data were taken; Cybernews researcher Aras Nazarovas advises waiting for a published sample to assess the scope.

Russia and China Target Germany's Economy: Survey Findings

🔍 A representative Bitkom survey of 1,002 German companies finds nearly three in four report rising attacks, estimating combined damage at €289 billion. 87% of executives said their organization experienced at least one attack in the past 12 months; 28% now suspect foreign intelligence involvement. Respondents most often pointed to China and Russia (46% each). Insurers report AI-generated false claims, prompting firms and authorities to adopt more holistic, AI-assisted defenses.

US Citizen Charged in Vastaamo Psychotherapy Data Extortion

🔒 Finnish prosecutors have charged 28-year-old US citizen Daniel Lee Newhard, an Estonia resident, with aiding and abetting the extortion tied to the notorious 2018 Vastaamo psychotherapy breach. Authorities say IP logs connected extortion infrastructure to an Estonian internet connection and to the suspect’s home address; Newhard denies the allegations. This development follows earlier convictions and ongoing appeals related to the broader Vastaamo scandal.

UK Arrests Two Teens Linked to Scattered Spider Hacks

🔒 UK law enforcement has arrested two teenagers allegedly tied to the Scattered Spider hacking group over an August 2024 cyberattack on Transport for London (TfL). Nineteen-year-old Thalha Jubair and 18-year-old Owen Flowers were detained; authorities say Jubair faces U.S. charges for dozens of intrusions, extortion and money laundering while Flowers faces additional charges linked to U.S. healthcare targets. Prosecutors allege the group extorted at least $115 million in ransoms and that law enforcement previously seized roughly $36 million in cryptocurrency tied to Jubair.

Top Dark Web Monitoring Tools for Threat Detection

🔎 The article explains why Dark Web monitoring is essential for CISOs and security teams, focusing on the discovery of leaked credentials, sensitive corporate data, and brand-abuse used in fraud and phishing. It profiles ten leading solutions and contrasts commercial Digital Risk Protection services with open-source intelligence platforms. The piece emphasizes integration with XDR/MDR, API access, takedown capabilities, and VIP and supply‑chain monitoring to prioritize responses and reduce business risk.

US and UK Charge Two Suspects in Scattered Spider Attacks

🔒 US and UK authorities have charged two UK-based teenagers linked to the Scattered Spider cybercrime group in connection with multiple high-profile intrusions. Thalha Jubair, 19, and Owen Flowers, 18, face US and UK charges including conspiracy to commit computer fraud, wire fraud, money laundering and offences under the UK Computer Misuse Act. Authorities allege extensive social engineering, ransomware extortion and transfers of victim cryptocurrency, with investigators attributing at least $115m in ransom payments to the group. The arrests follow a multinational probe and earlier detentions of other alleged members.

New York Blood Center Breach Exposes 194,000 Records

🔒 The New York Blood Center (NYBCe) confirmed that an unauthorized party accessed internal systems between January 20 and January 26, 2025, and copied files containing personal and health information for nearly 194,000 individuals. Compromised data includes names, Social Security numbers, driver's license or state ID numbers, bank account details for direct deposit, and health/test records. NYBCe says it moved quickly to contain the incident, is offering free identity protection through Experian, and has set up a call line for potentially affected people.

UK Arrests Teens Linked to Scattered Spider TfL Hack

🚨 Two teenagers have been arrested in the UK on suspicion of involvement in the August 2024 cyberattack against Transport for London; authorities say the suspects are believed to be members of the Scattered Spider collective. The National Crime Agency is prosecuting both on computer misuse and fraud-related charges, while U.S. prosecutors also filed charges against one suspect tied to multiple intrusions and extortion schemes. TfL reported that the breach disrupted internal systems and later confirmed customer data, including names and contact details, was compromised, causing operational disruption and financial losses.

SonicWall Urges Password Resets After Backup Files Exposure

🔒 SonicWall is urging customers to reset credentials after detecting suspicious activity that exposed firewall configuration backup files stored in MySonicWall cloud for under 5% of users. Although stored credentials were encrypted, the preference files contained information that could help attackers exploit related firewalls; the company says this was a series of brute-force accesses, not a ransomware event. Customers should verify backups, disable remote management and VPN access, reset passwords and TOTPs, review logs, and import the provided randomized preferences file that resets local passwords, TOTP bindings, and IPSec keys.

SonicWall: Cloud Backup Compromise Impacts 5% of Base

🔒 SonicWall has disclosed a security incident affecting its cloud backup service for firewalls, reporting that threat actors accessed stored preference files for roughly 5% of its install base. While credentials inside those files are encrypted, exposed metadata such as serial numbers could enable future targeting. SonicWall said this was not a ransomware event but a series of brute-force attempts. Impacted customers are asked to check MySonicWall, restrict WAN access, follow the vendor's remediation checklist, and import a supplied preferences file that randomizes local passwords and IPSec keys.