April 2025: Major Cyber Attacks, Ransomware Attacks and Data Breaches

Date: 1 May 2025


A massive cyber attack on retail giant Marks and Spencer leads to postponed deliveries, halted online transactions and frozen gift card processing. A large-scale phishing campaign compromises corporate email marketing accounts at Mailchimp, SendGrid, HubSpot, Mailgun and Zoho. Car rental giant Hertz begins notifying customers of a major data breach.

And all of this is just the tip of the iceberg when it comes to the major cyber attacks, ransomware attacks and data breaches of April 2025. 

  1. Ransomware Attacks in April 2025
  2. Data Breaches in April 2025 
  3. Cyber Attacks in April 2025
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in April 2025

April was another brutal reminder that threat actors don’t pause—and neither should you. From aggressive ransomware groups crippling operations to stealthy supply chain breaches compromising trusted software, last month’s cyber attacks exposed just how fragile even the most well-funded defences can be. It’s not about if you’ll be targeted—it’s when, how fast, and how hard.

The organisations that survived April’s chaos with minimal damage weren’t just lucky—they were prepared. They didn’t rely on static PDFs or outdated protocols. They had battle-tested Cyber Incident Response Plans, and they drilled for failure with realistic, scenario-driven Cyber Tabletop Exercises. At Cyber Management Alliance, our NCSC Assured Cyber Incident Response training and cyber crisis simulations are designed for exactly this: building high-functioning IR muscle that doesn’t break under pressure.

So as you scan through this month's major breaches, ask yourself: would your team execute or freeze if your world went dark tomorrow morning? If there's even a hint of doubt, it's time to train like you're next.

Ransomware Attacks in April 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 09, 2025 | Tech manufacturer Sensata | Industrial tech manufacturer Sensata says ransomware attack is impacting production | Unknown | The incident has temporarily impacted Sensata's operations, including shipping, receiving, manufacturing production, and various other support functions. | Sensata ransomware attack |
| April 09, 2025 | South African telecom provider Cell C | South African telecom provider serving 7.7 million confirms data leak following cyber attack | RansomHouse | South Africa's fourth-largest mobile network operator, Cell C, has confirmed that its data was leaked on the dark web following a cyber attack last year. The hacker group responsible for the attack, RansomHouse, claimed to have breached 2TB of the company's data. Cell C stated that the hackers gained unauthorised access to certain parts of its IT systems. | Source: The Record Media |
| April 14 and 25, 2025 | DaVita | Dialysis firm DaVita hit by ransomware attack, says patient care continues | Interlock | DaVita said it was hit by a ransomware attack that encrypted certain elements of its network, and some of its operations remained disrupted despite interim measures. The Interlock ransomware gang, which claims to have stolen 1.51 terabytes of data from DaVita, posted samples of the stolen information. | Source: Reuters |
| April 22, 2025 | Baltimore City Public Schools | Thousands of Baltimore students, teachers affected by data breach following February ransomware attack | Cloak Ransomware | Thousands of students, teachers and administrators had information stolen from the Baltimore City Public Schools system during a ransomware attack in February. Officials at Baltimore City Public Schools published a breach notice on Tuesday warning that a cyber incident on February 13 exposed certain IT systems within the network. | Source: The Record Media |
| April 25, 2025 | Stadtwerke Schwerte GmbH | Stadtwerke Schwerte GmbH falls victim to Nitrogen Ransomware | Nitrogen Ransomware | Hackers claimed to have obtained sensitive employee data and financial documents belonging to Stadtwerke Schwerte and posted sample screenshots on their dark web portal. | Unverified info/source |
| April 25, 2025 | Saudi Binladin Group | Saudi Binladin Group falls victim to SatanLock Ransomware | SatanLock Ransomware | The hacker group claimed to have the organisation's data. | Unverified info/source |
| April 26, 2025 | MDB Srl | MDB Srl falls victim to RHYSIDA Ransomware | RHYSIDA Ransomware | The ransomware group claimed to have the organisation's data and planned to publish it within a week. | Unverified info/source |
| April 26, 2025 | Jordan Kuwait Bank | Jordan Kuwait Bank falls victim to Everest Ransomware | Everest Ransomware | Hackers said they obtained 11.7 GB of the organisation's data and planned to publish the stolen data within 2-3 days. | Unverified info/source |
| April 26, 2025 | Sisnet Consultores | Sisnet Consultores falls victim to NightSpire Ransomware | NightSpire Ransomware | Hackers claimed to have obtained 30 GB of the organisation's data and intended to publish it within 1-2 days. | Unverified info/source |
| April 27, 2025 | Diallog Telecommunications Corp | Diallog Telecommunications Corp falls victim to RALord Ransomware | RALord ransomware | Threat actors claimed to have obtained 50 GB of the organisation's data and intended to publish it in 7-8 days. | Unverified info/source |
| April 27, 2025 | Hitachi Vantara | Hitachi Vantara takes servers offline after Akira ransomware attack | Akira ransomware | Hitachi Vantara said it has experienced a ransomware incident that has resulted in a disruption to some of its systems. | Hitachi Vantara ransomware attack |


 

Data Breaches in April 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 02, 2025 | Royal Mail and Spectos GmbH | Royal Mail investigates data leak claims, no impact on operations | "GHNA" handle on BreachForums | Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems. A Royal Mail spokesperson said that the British postal service is aware of an incident at Spectos GmbH, a third-party data collection and analytics service provider. Spectos confirmed in a statement shared with BleepingComputer that its systems were breached on March 29, and the attackers gained access to customer data. | Source: Bleeping Computer |
| April 02, 2025 | Port of Seattle | Port of Seattle's August data breach impacted 90,000 people | Rhysida Ransomware | The Port of Seattle revealed that the ransomware attack impacted 90,000 people. The Port started notifying impacted individuals after their personal information was compromised. The incident was a ransomware attack by the criminal organisation known as Rhysida. | Port of Seattle data breach update |
| April 02, 2025 | Texas State Bar | Texas State Bar warns of data breach after INC ransomware claims attack | INC Ransomware | The threat actors were able to steal information from the network, including full names and other data that is redacted in the public data breach notifications filed with state attorney general offices. A notice issued by the victim said: "Through the investigation, we determined that there was unauthorised access to our network between January 28, 2025 and February 9, 2025." | Source: Bleeping Computer |
| April 03, 2025 | The city of Lubbock, Texas | Texas city warns thousands of utility payment site breach | Unknown | At least 12,000 people had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the city of Lubbock, Texas. The city said the people impacted include anyone who made a utility payment between December 18, 2024, and January 6, 2025. That includes those who paid utility bills for water, wastewater, storm water and solid waste. The hackers stole names, billing addresses, payment card numbers, CVVs and expiration dates. | Source: The Record Media |
| April 03, 2025 | Europcar Mobility Group, a multinational car-rental company | Europcar GitLab breach exposes data of up to 200,000 customers | "Europcar" handle on BreachForums | A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 customers. The actor tried to extort the company by threatening to publish 37GB of data that includes backups and details about the company's cloud infrastructure and internal applications. | Source: Bleeping Computer |
| April 04, 2025 | AustralianSuper, Hostplus, REST, Australian Retirement Trust and Insignia Financial | Australian pension funds hit by wave of credential stuffing attacks | Unknown | A massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. Reuters learned from a source familiar with the matter that over 20,000 accounts were allegedly breached in this wave of attacks targeting Australia's superannuation industry, with some members reportedly losing some of their savings. | Source: Bleeping Computer |
| April 08, 2025 | U.S. Office of the Comptroller of the Currency (OCC) | US banking regulator reports on 'major' cyber incident involving senior officials' emails | Unknown | The OCC discovered that the unauthorised access to a number of its executives' and employees' emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes. A source said the unidentified hackers had access to the email accounts of about 100 senior officials and more than 150,000 emails dating back to June 2023. | Source: The Record Media |
| April 10, 2025 | Laboratory Services Cooperative (LSC) | US lab testing provider exposed health data of 1.6 million people | Unknown | Laboratory Services Cooperative (LSC) released a statement saying it suffered a data breach in which hackers stole sensitive information of roughly 1.6 million people from its systems. | Source: Bleeping Computer |
| April 10, 2025 | Western Sydney University | Western Sydney University discloses security breaches, data leak | Unknown | Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. One of the incidents disclosed concerns the compromise of one of the University's single sign-on (SSO) systems between January and February 2025. This breach has reportedly led to the unauthorised access of demographic, enrolment and progression information for approximately 10,000 current and former students. The second cybersecurity incident concerns a leak on the dark web of personal information belonging to members of the University's community. Hackers published the data on November 1, 2024, but WSU only became aware of it on March 24 this year. | Source: Bleeping Computer |
| April 14, 2025 | Govtech giant Conduent | Govtech giant Conduent confirms client data stolen in January cyber attack | Unknown | In a new Form 8-K filing with the SEC, Conduent has now confirmed that threat actors had stolen files containing information about the company's customers. As part of its ongoing investigation, the company determined that the threat actor exfiltrated a set of files associated with a limited number of the company's clients. | Source: Bleeping Computer |
| April 14, 2025 | Hertz | Hertz says customers' personal data and driver's licenses stolen in data breach | Cl0p Ransomware | Car rental giant Hertz has begun notifying its customers of a data breach caused by Cl0p ransomware. The stolen data varies by region, but largely includes Hertz customers' names, dates of birth, contact information, driver's licenses, payment card information, and workers' compensation claims. | Hertz data breach |
| April 14, 2025 | Landmark Admin, Young Consulting | 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches | Unknown for the Landmark Admin incident; BlackSuit claimed the Young Consulting attack | More than 2.6 million individuals were impacted by two data breaches at insurance administrator Landmark Admin and software solutions provider Young Consulting, according to fresh filings with regulatory agencies. | Landmark Admin, Young Consulting data breach |
| April 16, 2025 | Ahold Delhaize | Delhaize confirms data was stolen from its U.S. business systems during a November 2024 cyber attack | INC Ransomware | Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyber attack. The firm said that based on its investigation to date, certain files were taken from some of its internal U.S. business systems. | Source: Bleeping Computer |
| April 17, 2025 | Legends International | Entertainment services giant Legends International discloses data breach | Unknown | Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. | Source: Bleeping Computer |
| April 23, 2025 | Yale New Haven Health | Yale New Haven Health data breach affects 5.5 million patients | Unknown | Yale New Haven Health (YNHHS) warned that threat actors stole the personal data of 5.5 million patients in a cyber attack earlier this month. | Source: Bleeping Computer |
| April 23, 2025 | Frederick Health | Frederick Health data breach impacts nearly 1 million patients | Unknown | A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. | Source: Bleeping Computer |
| April 24, 2025 | Blue Shield of California, Onsite Mammography, Kelly & Associates Insurance Group, Behavioral Health Resources, Hamilton Health Care System, Central Texas Pediatric Orthopedics and Medical Express Ambulance Service | Millions impacted by data breaches at Blue Shield of California, mammography service and more | Unknown | The sensitive healthcare information of millions in the U.S. has been leaked through data breaches that multiple insurance companies, clinics, hospitals and more reported recently. The largest involves Blue Shield of California, which informed the U.S. Department of Health and Human Services (HHS) of an incident impacting 4.7 million people. | Source: The Record Media |
| April 25, 2025 | Long Beach, California | Nearly 500,000 impacted by 2023 cyber attack on Long Beach, California | Unknown | More than a year after a cyber attack on the government of Long Beach, California, the city is informing residents that information on nearly half a million people was leaked. In breach notification documents filed in multiple states, the city said 470,060 people had sensitive data accessed by hackers who breached government systems during a cyber attack in November 2023. | Source: The Record Media |
| April 25, 2025 | MTN Mobile | Mobile provider MTN says cyber attack compromised customer data | Unknown | African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. | Source: Bleeping Computer |
| April 28, 2025 | Urban One | Media firm Urban One confirms data breach after cybercriminals claim February attack | Cactus ransomware | Media conglomerate Urban One reported a data breach in recent days involving the personal information of employees and others. The media company said the cyber attack began on February 13 and was initiated through a sophisticated social engineering campaign. | Source: The Record Media |



Cyber Attacks in April 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 02, 2025 | The Lower Sioux Indian Community, a Native tribe in Minnesota | Native tribe in Minnesota says cyber incident knocked out healthcare, casino systems | RansomHub ransomware gang | The Lower Sioux Indian Community warned residents that a cyber attack caused disruptions for the local healthcare facility, government center and casino. Researchers from cybersecurity firm ESET said in a detailed report the previous week that RansomHub has gained prominence by developing a special type of malware, called EDRKillShifter, designed to terminate, blind or crash the endpoint detection and response (EDR) security products typically installed on a victim's system. | Cyber attack on the Lower Sioux Indian Community |
| April 04, 2025 | Corporate accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho | PoisonSeed phishing campaign behind emails with wallet seed phrases | Unknown | A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. According to SilentPush, the campaign targets Coinbase and Ledger users via compromised accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho. | PoisonSeed phishing cyber attack |
| April 09, 2025 | Oregon Department of Environmental Quality (DEQ) | Oregon's environmental agency shuts down network after cyber attack | Unknown | A cyber attack forced officials at the Oregon Department of Environmental Quality (DEQ) to shut down the organisation's network. | Source: The Record Media |
| April 21, 2025 | The government of Abilene, Texas | Texas city takes systems offline after cyber attack | Unknown | The government of Abilene, Texas, has shut down some of its systems due to a cyber attack. The outages halted the card payment systems at government offices and forced people to pay with cash or checks. | Source: The Record Media |
| April 21, 2025 | M&S | British retailer M&S confirms being hit by 'cyber incident' amid store delays | Scattered Spider | British retailer Marks and Spencer (M&S) disclosed the cyber incident after customers complained on social media that various electronic payment systems were not working, including card payments, gift cards and the retailer's Click and Collect service. | Source: The Record Media |
| April 24, 2025 | Aigües de Mataró, a Spanish water supplier | Cyber attack hits drinking water supplier in Spanish town near Barcelona | Unknown | Aigües de Mataró, a Spanish water supplier responsible for both drinking water and sewage systems, announced that its corporate computer systems and website were hit by a cyber attack. | Source: The Record Media |
| April 29, 2025 | Nova Scotia Power and Emera | Nova Scotia energy provider takes some servers offline following cyber incident | Unknown | Nova Scotia Power and its parent company Emera said a cyber attack has affected parts of its Canadian network and servers supporting portions of its business. | Source: The Record Media |
| April 29, 2025 | Ukrainian retailer Epicentr | Ukraine's largest home improvement retailer disrupted by cyber attack | Unknown | Epicentr said the cyber attack disrupted operations at dozens of its stores across the country and crippled key IT systems, including sales registers and logistics services. | Source: The Record Media |

 


New Ransomware/Malware Discovered in April 2025

| New Ransomware/Malware | Summary |
|---|---|
| MOONSHINE and BADBAZAAR spyware | The U.K.'s National Cyber Security Centre and international cybersecurity and intelligence agencies on Wednesday said hackers are deploying two forms of previously identified spyware to snoop on Uyghur, Tibetan and Taiwanese individuals and civil society organisations. |
| ResolverRAT malware | A new remote access trojan (RAT) called 'ResolverRAT' is being used against organisations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. |


Sources for the above table:
Bleeping Computer and Recorded Future News


Vulnerabilities Discovered & Patches Released in April 2025

| Date | New Flaws/Fixes | Summary |
|---|---|---|
| April 01, 2025 | CVE-2025-2825/CVE-2025-31161 | Attackers are targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. The security vulnerability (CVE-2025-2825) was discovered and reported by Outpost24, which identifies it as CVE-2025-31161. |
| April 01, 2025 | CVE-2025-24200, CVE-2025-24201 | Apple has released security updates that backport fixes for two vulnerabilities exploited as zero-days to older versions of its operating systems. |
| April 03, 2025 | CVE-2025-30065 | A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. |
| April 03, 2025 | CVE-2025-22457 | Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. |
| April 08, 2025 | CVE-2025-31161 | Federal cybersecurity officials as well as incident responders at cyber companies say hackers are exploiting a vulnerability within the popular file transfer tool CrushFTP. |
| April 08, 2025 | CVE-2025-29824 | Hackers used a recently patched zero-day vulnerability to attack real estate companies in the U.S. and several other organisations in Saudi Arabia, Spain and Venezuela. |
| April 10, 2025 | CVE-2025-3102 | Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. |
| April 16, 2025 | CVE-2025-31200, CVE-2025-31201 | Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. The two vulnerabilities are in CoreAudio and RPAC. |
| April 17, 2025 | CVE-2021-20035 | CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. |
| April 17, 2025 | CVE-2025-32433 | A critical vulnerability in the Erlang/OTP SSH implementation, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. |
| April 18, 2025 | CVE-2025-20236 | Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. |
| April 18, 2025 | CVE-2025-2492 | ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorised execution of functions on the device. |
| April 22, 2025 | CVE-2025-42599 | An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organisations in Japan. |
| April 23, 2025 | CVE-2024-54085 | ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. |
| April 25, 2025 | CVE-2025-31324 | SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. |

Source for the above table: Bleeping Computer 


Warnings/Advisories/Reports/Analysis

| News Type | Summary |
|---|---|
| Warning | As thousands were laid off from the Department of Health and Human Services during the Trump administration, Congress held a hearing on medical device cybersecurity where experts raised concerns about the ramifications of the firings. |
| Report | The European Commission announced its intention to join the ongoing debate about lawful access to data and end-to-end encryption while unveiling a new internal security strategy aimed at addressing ongoing threats. |
| Report | In a policy statement, the British government set out what its forthcoming Cyber Security and Resilience Bill will include when it is introduced to parliament later this year. |
| Report | A significant spike in scanning activity targeting Palo Alto Networks GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or a flaw being exploited. |
| Report | Autorité de la concurrence, France's antitrust watchdog, has fined Apple €150 million ($162 million) for using the App Tracking Transparency privacy framework to abuse its dominant market position in mobile app advertising on its devices. |
| Report | Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. |
| Report | The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. |
| Warning | CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organisations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. |
| Report | A Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and recorded videos over the course of a decade of staff pumping breastmilk and breastfeeding, a class-action lawsuit alleges. |
| Report | Hackers are impersonating Ukrainian drone manufacturers and state agencies to infect targeted systems with information-stealing malware, according to new government research. |
| Report | An Australian corporate regulator is pulling the plug on 95 companies registered in the country that are believed to be illegitimate, with many of them having suspected links to online scams. |
| Report | The Cybersecurity and Infrastructure Security Agency is firming up plans to slash staffing and spending amid increased scrutiny from the White House, which is still chafing over what it sees as CISA's role in suppressing conservative viewpoints. |
| Report | Researchers have discovered a novel tactic used by Moroccan cybercrime group Atlas Lion to attack big-box retailers, apparel companies, restaurants and more. The group was observed using stolen credentials to enrol its own virtual machines (VMs) into an organisation's cloud domain, which essentially lets the group's cybercrime infrastructure pass as a legitimate part of the company's network. |
| Report | Artificial Intelligence has supercharged an array of tax-season scams this year, with fraudsters using deepfake audio and other techniques to intercept funds and trick taxpayers into sending them financial documents. |
| Report | Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has disclosed that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated at €20 million ($22.8 million). |
| Report | Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to spy on cybercriminals. |
| Report | Atlassian users experienced degraded performance amid an 'active incident' affecting multiple Jira products. |
| Report | Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. |
| Report | In a keynote address at the Vanderbilt University Summit on Modern Conflict and Emerging Threats, the chair of the House Homeland Security Committee said his panel was prepared to take on pressing cyber policy challenges, like an estimated cyber workforce shortage of 500,000 professionals and burdensome digital compliance. |
| Report | The House Oversight Committee has launched an investigation into the privacy and security risks associated with the bankruptcy of genetic testing company 23andMe and has asked its former CEO to testify at a hearing planned for early May. |
| Warning | CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. |
| Warning | A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behaviour, accessing cookies for domains, and potentially executing remote scripts. |
| Report | China accused three alleged employees of the U.S. National Security Agency of carrying out cyber attacks on the Asian Winter Games in February. |
| Report | The MITRE Corporation said on Tuesday that its stewardship of the CVE program, which catalogs all public cybersecurity vulnerabilities, may be ending this week because the federal government has decided not to renew its contract with the nonprofit. |
| Report | A Chinese state-owned company that was previously sanctioned by the U.S. for facilitating human rights abuses against Uyghurs is now training police officers in Tibet on hacking techniques and digital forensics, according to a watchdog organisation. |
| Report | A British law firm has been fined £60,000 ($80,000) after cybercriminals accessed the company's case management system and published sensitive information on the dark web, something the company only learned about after being contacted by the National Crime Agency. |
| Report | The airport retail company Paradies Shops is close to finalising a $6.9 million settlement to resolve a class-action lawsuit on behalf of employees whose personal information was stolen in a ransomware attack in 2020. |
| Report | The FBI warned that scammers impersonating FBI Internet Crime Complaint Center (IC3) employees offer to "help" fraud victims recover money lost to other scammers. |
| Report | The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. |
| Report | An alleged operator of the SmokeLoader malware is now facing federal hacking charges in Vermont after accusations that he stole personal information on more than 65,000 people. |
| Warning | Japanese regulators published an urgent warning about hundreds of millions of dollars worth of unauthorised trades being conducted on hacked brokerage accounts in the country. |
| Report | A research report said the operators behind the DragonForce and Anubis ransomware-as-a-service schemes are launching new business models to attract affiliates. |
| Warning | South Korea's largest mobile operator, SK Telecom, warned that a malware infection allowed threat actors to access sensitive USIM-related information for customers. |
| Report | Cloudflare and other internet monitoring organisations like NetBlocks have tracked dozens of internet shutdowns or specific website bans globally for years, with multiple throughout 2024 related to contentious elections or military conflict. Some have persisted since they began, including years-long internet throttling in dictatorships like Myanmar. |
| Report | A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. |
| Analysis | According to researchers at Verizon, an examination of thousands of data breaches last year found that ransomware was involved in 44% of incidents. |
| Report | North Korean IT workers illicitly gaining employment at U.S. and European tech companies are increasingly using generative artificial intelligence in a variety of ways to assist them throughout the job application and interview process. |
| Report | The FBI said cybercriminals stole a record $16.6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. |
| Report | In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organisations in the software, IT, finance, and telecommunications sectors in South Korea. |
| Report | A new Android malware has been discovered hidden inside trojanised versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. |
| Report | The French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. |

Sources: Bleeping Computer and Recorded Future News
