All news with #data leak tag

Google: Cyber-Physical Attacks to Rise in Europe 2026

🚨 Google Cloud Security's Cybersecurity Forecast 2026 warns of a rise in cyber-physical attacks across EMEA targeting energy grids, transport and digital infrastructure. The report highlights increased state-sponsored espionage from Russia and China and anticipates these operations may form hybrid warfare combined with information operations to erode public trust. It also flags supply-chain compromises of managed service providers and software dependencies, and notes that cybercrime — including ransomware aimed at ERP systems — will remain a major disruptive threat to ICS/OT. Analysts further expect adversaries to increasingly leverage AI and multimodal deepfakes.

SonicWall Attributes September Backup Breach to State Actor

🔐 SonicWall has confirmed a state-sponsored threat actor was responsible for a September breach that exposed cloud-stored firewall configuration backup files. The company said the unauthorized access used an API call against a specific cloud environment and affected backups for fewer than 5% of customers. SonicWall engaged Google-owned Mandiant, implemented recommended mitigations, and released an Online Analysis Tool and a Credentials Reset Tool. Customers are advised to log in to MySonicWall.com to review devices and reset impacted credentials.

Hyundai AutoEver America: SSNs and IDs Exposed in Systems

🔐 Hyundai AutoEver America (HAEA) says hackers breached its IT environment, with the intrusion discovered on March 1, 2025. The investigation found unauthorized access dating back to February 22, 2025, and last observed activity on March 2, 2025. Affected data reportedly includes names and, according to the Massachusetts portal, Social Security numbers and driver's licenses. HAEA engaged external cybersecurity experts and law enforcement; the scope and number of individuals impacted remain unclear.

Half of Satellite Traffic Unencrypted, Exposing Data

🔭 Researchers at UC San Diego and the University of Maryland showed that a <$750 motorized satellite‑TV kit can intercept large volumes of geostationary traffic. They captured 3.7TB from 411 transponders across 39 satellites and found roughly half of sensitive streams — including VoIP, SMS, in‑flight Wi‑Fi and military telemetry — were unencrypted. Some operators patched rapidly, but many did not respond. Users should adopt VPNs, end‑to‑end messaging and prefer encrypted cellular services.

SonicWall: State-Sponsored Hackers Behind September Breach

🔒 SonicWall says a Mandiant-led investigation concluded that state-sponsored actors accessed cloud-stored firewall configuration backup files in September. The company reports the activity was isolated to a specific cloud environment and did not affect SonicWall products, firmware, source code, or customer networks. As a precaution, customers were advised to reset account credentials, temporary access codes, VPN passwords, and shared IPSec secrets. SonicWall also stated there is no connection between the breach and separate Akira ransomware activity.

Operation Chargeback: Dismantling Global Card-Fraud Rings

🔍 Operation Chargeback led to coordinated raids and arrests targeting three alleged international fraud and money-laundering networks that exploited stolen payment data from more than 4.3 million cardholders across 193 countries. Authorities executed 60 searches and 18 arrest warrants after nearly five years of investigation, seizing assets and digital evidence. Investigators say the groups generated roughly 19 million fraudulent subscription charges, abused payment-provider systems and used shell companies to launder proceeds while masking low-value recurring fees to avoid detection.

University of Pennsylvania Confirms Data Stolen in Breach

🔒 The University of Pennsylvania confirmed attackers used compromised credentials obtained via a sophisticated social engineering identity impersonation to access systems supporting development and alumni operations. The breach, discovered October 31, allowed exfiltration of approximately 1.71 GB of documents from SharePoint and Box and an alleged copy of a Salesforce donor marketing database of about 1.2 million records. Penn has engaged the FBI and CrowdStrike, revoked access, increased monitoring, and warned its community to be cautious of phishing and suspicious outreach while the investigation continues.

10 Promising Cybersecurity Startups CISOs Should Know

🔒 This roundup profiles ten cybersecurity startups founded in 2020 or later that CISOs should watch, chosen for funding, leadership, customer traction, and strategic clarity. It highlights diverse categories including non-human identity, software supply chain, data security posture, and AI agent security. Notable vendors such as Astrix, Chainguard, Cyera, and Drata have raised substantial capital and achieved rapid enterprise adoption. The list underscores investor enthusiasm and the rise of runtime‑focused and agentic defenses.

CrowdStrike: Rise in Physical Attacks on Privileged Users

🔒 CrowdStrike's 2025 analysis documents a sharp rise in physical attacks and kidnappings tied to cyber intrusions, concentrated in Europe. The report cites the January 2025 kidnapping of a Ledger co‑founder and records 17 similar incidents in Europe from January through September 2025, 13 of them in France. Consultants warn attackers increasingly pair cyber operations with real‑world violence, driving organizations to strengthen physical and executive security and adjust incident response playbooks.

Apache OpenOffice Denies Akira Ransomware Breach Claims

🔒 The Apache Software Foundation says there is no evidence that Apache OpenOffice was breached after the Akira ransomware gang claimed on October 30 that it had stolen 23 GB of corporate documents. The Foundation notes it does not maintain payroll-style employee records or the types of financial and identity documents described, and it has not received a ransom demand. An internal investigation so far has found no compromise and Akira has not published any of the alleged data.

Scattered Spider, LAPSUS$, and ShinyHunters: SLH Collective

🕸 The nascent Scattered LAPSUS$ Hunters (SLH) collective — a merging of Scattered Spider, LAPSUS$, and ShinyHunters — has repeatedly recreated its Telegram presence, cycling channels at least 16 times since August 8, 2025. The group markets an extortion-as-a-service offering to affiliates, targets organizations including those using Salesforce, and has teased a custom ransomware family called Sh1nySp1d3r. Trustwave SpiderLabs assesses SLH as blending financially motivated crime with attention-seeking hacktivism and sophisticated brand management.

Data Breach at Major Swedish Supplier Exposes 1.5M Records

🔒 Miljödata, an IT systems supplier for roughly 80% of Sweden's municipalities, disclosed an August 25 cyberattack that exposed personal data tied to 1.5 million people and included a 1.5 BTC extortion demand. The incident disrupted services across multiple regions and prompted immediate involvement from CERT‑SE, police and the Swedish Authority for Privacy Protection (IMY). Investigations will prioritize Miljödata's security and municipal data handling, with special attention to children's data and protected identities.

Nikkei Slack Compromise Exposes Data of 17,368 People

🔐 Nikkei disclosed that unauthorized actors accessed employee Slack accounts after an employee's computer was infected with malware and credentials were stolen. The breach exposed the names, email addresses, and chat histories of 17,368 registered users. Nikkei discovered the incident in September, enforced mandatory password resets, and voluntarily notified the Personal Information Protection Commission, stating that journalist sources and reporting data were not compromised.

Scattered LAPSUS$ Hunters Unite ShinyHunters Alliance

🔎 Trustwave SpiderLabs has identified a coordinated alliance now operating as Scattered LAPSUS$ Hunters (SLH), merging reputational capital from Scattered Spider, ShinyHunters and LAPSUS$. The collective presents a unified operational brand, complete with a named "Operations Centre," centralized narrative and affiliate-driven extortion model. Analysis attributes fewer than five core operators managing roughly 30 personas and highlights Telegram as a persistent command-and-branding hub. Trustwave warns this consolidation aims to fill the vacuum left by the collapse of BreachForums and to sustain public, intimidation-based extortion tactics.

DragonForce Emerges as Conti-Derived Ransomware Cartel

🛡️DragonForce, a ransomware operation built from leaked Conti source code, has restructured into a self-styled cartel that recruits affiliates and encourages branded variants. Researchers at Acronis report it retains Conti’s ChaCha20/RSA encryption, SMB-based network spreading, and multiple encryption modes while employing a hidden configuration system. Operators have pursued aggressive tactics — including defacing rival leak sites and aligning with access brokers like Scattered Spider — and have threatened victims with decryptor deletion and data leaks.

Ex-Incident Response Staff Indicted for BlackCat Attacks

🔒 Three former incident response employees from DigitalMint and Sygnia have been indicted for allegedly carrying out ALPHV/BlackCat ransomware attacks on five U.S. companies between May and November 2023. Prosecutors say the defendants accessed networks, exfiltrated data, deployed encryption malware, and demanded ransoms ranging from $300,000 to $10 million, with one victim paying $1.27 million. Two named defendants face federal extortion and computer-damage charges that carry up to 20 and 10 years in prison respectively.

Weekly Recap: Lazarus Web3 Attacks and TEE.Fail Risks

🔐 This week's recap highlights a broad set of high‑impact threats, from a suspected China‑linked intrusion exploiting a critical Motex Lanscope flaw to deploy Gokcpdoor, to North Korean BlueNoroff campaigns targeting Web3 executives. Researchers disclosed TEE.fail, a low‑cost DDR5 side‑channel that can extract secrets from Intel and AMD TEEs. Also noted: human‑mimicking Android banking malware, WSL‑based ransomware tactics, and multiple high‑priority CVEs.

Conti Suspect Appears in US Court After Extradition

🔒 A Ukrainian national extradited from Ireland has appeared in a US court, accused of conspiring to deploy Conti ransomware and manage stolen data and ransom notes. Authorities allege Oleksii Lytvynenko participated in attacks between 2020 and July 2022 that resulted in more than $500,000 in cryptocurrency extorted from victims in the Tennessee district and the publication of additional stolen data. He faces computer fraud and wire fraud conspiracy charges and could receive up to 25 years in prison if convicted.

European Ransomware Leak-Site Victims Spike in 2025

🔒 CrowdStrike's 2025 European Threat Landscape Report found a 13% year-on-year rise in ransomware victims across Europe, with the UK hardest hit. The study, covering leak sites from September 2024 to August 2025, identified 1,380 victims and noted that since January 2024 more than 2,100 organisations were named on extortion sites, with 92% involving file encryption and data theft. The report highlights Akira and LockBit as the most active groups and warns of persistent big-game hunting, growing vishing campaigns and an emerging Violence-as-a-Service threat landscape.

4th Circuit Lowers Proof Threshold in Data Breach Suits

🔒 In October the 4th U.S. Circuit Court of Appeals ruled that listing stolen consumer data on the dark web can be sufficient to let plaintiffs proceed in data-breach lawsuits. The panel determined that dark-web publication — paywalled or not — increases the risk of fraud and is therefore materially different from mere theft. CISOs should monitor dark-web exposure and preserve evidence of publicization to assess legal and financial risk.