April 2025: Major Cyber Attacks, Ransomware Attacks and Data Breaches
Date: 1 May 2025

A massive cyber attack on retail giant Marks and Spencer leads to postponed deliveries, halted online transactions, and frozen gift card processing. A large-scale phishing campaign compromises corporate email marketing accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho. Car rental giant Hertz begins notifying customers of a massive data breach.
And all of this is just the tip of the iceberg when it comes to the major cyber attacks, ransomware attacks and data breaches of April 2025.
- Ransomware Attacks in April 2025
- Data Breaches in April 2025
- Cyber Attacks in April 2025
- New Malware and Ransomware Discovered
- Vulnerabilities Discovered and Patches Released
- Advisories issued, reports, analysis etc. in April 2025
April was another brutal reminder that threat actors don’t pause—and neither should you. From aggressive ransomware groups crippling operations to stealthy supply chain breaches compromising trusted software, last month’s cyber attacks exposed just how fragile even the most well-funded defences can be. It’s not about if you’ll be targeted—it’s when, how fast, and how hard.
The organisations that survived April’s chaos with minimal damage weren’t just lucky—they were prepared. They didn’t rely on static PDFs or outdated protocols. They had battle-tested Cyber Incident Response Plans, and they drilled for failure with realistic, scenario-driven Cyber Tabletop Exercises. At Cyber Management Alliance, our NCSC Assured Cyber Incident Response training and cyber crisis simulations are designed for exactly this: building high-functioning IR muscle that doesn’t break under pressure.
So as you scan through this month’s major breaches, ask yourself—Would your team execute or freeze if your world went dark tomorrow morning? If there’s even a hint of doubt, it’s time to train like you’re next.
Ransomware Attacks in April 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| April 09, 2025 | Tech manufacturer Sensata | Industrial tech manufacturer Sensata says ransomware attack is impacting production | Unknown | The incident has temporarily impacted Sensata's operations, including shipping, receiving, manufacturing production, and various other support functions. | |
| April 09, 2025 | South African telecom provider Cell C | South African telecom provider serving 7.7 million confirms data leak following cyber attack | RansomHouse | South Africa's fourth-largest mobile network operator, Cell C, has confirmed that its data was leaked on the dark web following a cyber attack last year. The hacker group responsible for the attack, RansomHouse, claimed to have breached 2TB of the company's data. Cell C stated that the hackers gained unauthorised access to certain parts of its IT systems. | Source: The Record Media |
| April 14 and 25, 2025 | DaVita | Dialysis firm DaVita hit by ransomware attack, says patient care continues | Interlock | DaVita said it was hit by a ransomware attack that encrypted certain elements of its network, and some of its operations remained disrupted despite interim measures. The Interlock ransomware gang, which claims to have stolen 1.51 terabytes of data from DaVita, posted samples of the stolen information. | Source: Reuters |
| April 22, 2025 | Baltimore City Public Schools | Thousands of Baltimore students, teachers affected by data breach following February ransomware attack | Cloak Ransomware | Thousands of students, teachers and administrators had information stolen from the Baltimore City Public Schools system during a ransomware attack in February. Officials at Baltimore City Public Schools published a breach notice on Tuesday warning that a cyber incident on February 13 exposed certain IT systems within the network. | Source: The Record Media |
| April 25, 2025 | Stadtwerke Schwerte GmbH | Stadtwerke Schwerte GmbH falls victim to Nitrogen Ransomware | Nitrogen Ransomware | Hackers claimed to have obtained sensitive employee data and financial documents belonging to Stadtwerke Schwerte and posted sample screenshots on their dark web portal. | Unverified info/source |
| April 25, 2025 | Saudi Binladin Group | Saudi Binladin Group falls victim to SatanLock Ransomware | SatanLock Ransomware | The hacker group claimed to have the organisation's data. | Unverified info/source |
| April 26, 2025 | MDB Srl | MDB Srl falls victim to RHYSIDA Ransomware | RHYSIDA Ransomware | The ransomware group claimed to have the organisation's data and planned to publish it within a week. | Unverified info/source |
| April 26, 2025 | Jordan Kuwait Bank | Jordan Kuwait Bank falls victim to Everest Ransomware | Everest Ransomware | Hackers said they obtained 11.7 GB of the organisation's data and planned to publish this stolen data within 2-3 days. | Unverified info/source |
| April 26, 2025 | Sisnet Consultores | Sisnet Consultores falls victim to NightSpire Ransomware | NightSpire Ransomware | Hackers claimed to have obtained 30 GB of the organisation's data and intended to publish it within 1-2 days. | Unverified info/source |
| April 27, 2025 | Diallog Telecommunications Corp | Diallog Telecommunications Corp falls victim to RALord Ransomware | RALord Ransomware | Threat actors claimed to have obtained 50 GB of the organisation's data and intended to publish it in 7-8 days. | Unverified info/source |
| April 27, 2025 | Hitachi Vantara | Hitachi Vantara takes servers offline after Akira ransomware attack | Akira Ransomware | Hitachi Vantara said it has experienced a ransomware incident that has resulted in a disruption to some of its systems. | |
Data Breaches in April 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| April 02, 2025 | Royal Mail and Spectos GmbH | Royal Mail investigates data leak claims, no impact on operations | "GHNA" handle on BreachForums | Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems. A Royal Mail spokesperson said that the British postal service is aware of an incident at Spectos GmbH, a third-party data collection and analytics service provider. Spectos confirmed in a statement shared with BleepingComputer that its systems were breached on March 29 and that the attackers gained access to customer data. | Source: Bleeping Computer |
| April 02, 2025 | Port of Seattle | Port of Seattle's August data breach impacted 90,000 people | Rhysida Ransomware | The Port of Seattle revealed that the ransomware attack impacted 90,000 people. The Port started notifying impacted individuals after their personal information was compromised. This incident was a ransomware attack by the criminal organisation known as Rhysida. | |
| April 02, 2025 | Texas State Bar | Texas State Bar warns of data breach after INC ransomware claims attack | INC Ransomware | The threat actors were able to steal information from the network, including full names and other data that is redacted in the public data breach notifications filed with state Attorneys General's offices. The victim's notice states that the investigation determined there was unauthorised access to its network between January 28, 2025 and February 9, 2025. | Source: Bleeping Computer |
| April 03, 2025 | The city of Lubbock, Texas | Texas city warns thousands of utility payment site breach | Unknown | At least 12,000 people had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the city of Lubbock, Texas. The city said the people impacted include anyone who made a utility payment between December 18, 2024, and January 6, 2025. That includes those who paid utility bills for water, wastewater, storm water and solid waste. The hackers stole names, billing addresses, payment card numbers, CVVs and expiration dates. | Source: The Record Media |
| April 03, 2025 | Multinational car-rental company Europcar Mobility Group | Europcar GitLab breach exposes data of up to 200,000 customers | Threat actor using the handle "Europcar" on BreachForums | A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 customers. The actor tried to extort the company by threatening to publish 37GB of data that includes backups and details about the company's cloud infrastructure and internal applications. | Source: Bleeping Computer |
| April 04, 2025 | AustralianSuper, Hostplus, REST, Australian Retirement Trust, and Insignia Financial | Australian pension funds hit by wave of credential stuffing attacks | Unknown | A massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. Reuters learned from a source familiar with the matter that over 20,000 accounts were allegedly breached in this wave of attacks targeting Australia's superannuation industry, with some members reportedly losing some of their savings. | Source: Bleeping Computer |
| April 08, 2025 | U.S. Office of the Comptroller of the Currency (OCC) | US banking regulator reports on 'major' cyber incident involving senior officials' emails | Unknown | The OCC discovered that the unauthorised access to a number of its executives' and employees' emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes. A source said the unidentified hackers had access to the email accounts of about 100 senior officials and more than 150,000 emails dating back to June 2023. | Source: The Record Media |
| April 10, 2025 | Laboratory Services Cooperative (LSC) | US lab testing provider exposed health data of 1.6 million people | Unknown | Laboratory Services Cooperative (LSC) has released a statement disclosing that it suffered a data breach in which hackers stole sensitive information of roughly 1.6 million people from its systems. | Source: Bleeping Computer |
| April 10, 2025 | Western Sydney University | Western Sydney University discloses security breaches, data leak | Unknown | Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. The first concerns the compromise of one of the University's single sign-on (SSO) systems between January and February 2025. This breach has reportedly led to the unauthorised access of demographic, enrolment, and progression information for approximately 10,000 current and former students. The second incident concerns a leak on the dark web of personal information belonging to members of the University's community: hackers published the data on November 1, 2024, but WSU only became aware of it on March 24 this year. | Source: Bleeping Computer |
| April 14, 2025 | Govtech giant Conduent | Govtech giant Conduent confirms client data stolen in January cyber attack | Unknown | In a new Form 8-K filing with the SEC, Conduent has now confirmed that threat actors stole files containing information about the company's customers. As part of its ongoing investigation, the company determined that the threat actor exfiltrated a set of files associated with a limited number of the company's clients. | Source: Bleeping Computer |
| April 14, 2025 | Hertz | Hertz says customers' personal data and driver's licenses stolen in data breach | Cl0p Ransomware | Car rental giant Hertz has begun notifying its customers of a data breach caused by the Cl0p ransomware gang. The stolen data varies by region, but largely includes Hertz customers' names, dates of birth, contact information, driver's licenses, payment card information, and workers' compensation claims. | |
| April 14, 2025 | Landmark Admin, Young Consulting | 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches | Unknown hacker behind the Landmark incident; BlackSuit claimed the Young Consulting attack | More than 2.6 million individuals were impacted by two data breaches at insurance administrator Landmark Admin and software solutions provider Young Consulting, according to fresh filings with regulatory agencies. | |
| April 16, 2025 | Ahold Delhaize | Ahold Delhaize confirms data was stolen from its U.S. business systems during a November 2024 cyber attack | INC Ransomware | Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyber attack. The firm said that, based on its investigation to date, certain files were taken from some of its internal U.S. business systems. | Source: Bleeping Computer |
| April 17, 2025 | Legends International | Entertainment services giant Legends International discloses data breach | Unknown | Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. | Source: Bleeping Computer |
| April 23, 2025 | Yale New Haven Health | Yale New Haven Health data breach affects 5.5 million patients | Unknown | Yale New Haven Health (YNHHS) warned that threat actors stole the personal data of 5.5 million patients in a cyber attack earlier this month. | Source: Bleeping Computer |
| April 23, 2025 | Frederick Health | Frederick Health data breach impacts nearly 1 million patients | Unknown | A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. | Source: Bleeping Computer |
| April 24, 2025 | Blue Shield of California, Onsite Mammography, Kelly & Associates Insurance Group, Behavioral Health Resources, Hamilton Health Care System, Central Texas Pediatric Orthopedics and Medical Express Ambulance Service | Millions impacted by data breaches at Blue Shield of California, mammography service and more | Unknown | The sensitive healthcare information of millions in the U.S. has been leaked through data breaches that multiple insurance companies, clinics, hospitals and others reported recently. The largest involves Blue Shield of California, which informed the U.S. Department of Health and Human Services (HHS) of an incident impacting 4.7 million people. | Source: The Record Media |
| April 25, 2025 | Long Beach, California | Nearly 500,000 impacted by 2023 cyber attack on Long Beach, California | Unknown | More than a year after a cyber attack on the government of Long Beach, California, the city is informing residents that information on nearly half a million people was leaked. In breach notification documents filed in multiple states, the city said 470,060 people had sensitive data accessed by hackers who breached government systems during a cyber attack in November 2023. | Source: The Record Media |
| April 25, 2025 | MTN Group | Mobile provider MTN says cyber attack compromised customer data | Unknown | African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. | Source: Bleeping Computer |
| April 28, 2025 | Urban One | Media firm Urban One confirms data breach after cybercriminals claim February attack | Cactus Ransomware | Media conglomerate Urban One reported a data breach in recent days involving the personal information of employees and others. The media company said the cyber attack began on February 13 and was initiated through a sophisticated social engineering campaign. | Source: The Record Media |
Cyber Attacks in April 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| April 02, 2025 | The Lower Sioux Indian Community, a Native tribe in Minnesota | Native tribe in Minnesota says cyber incident knocked out healthcare, casino systems | RansomHub ransomware gang | The Lower Sioux Indian Community warned residents that a cyber attack caused disruptions for the local healthcare facility, government center and casino. Researchers from cybersecurity firm ESET said in a detailed report the previous week that the group has gained prominence by developing a special type of malware, called EDRKillShifter, designed to terminate, blind or crash the endpoint detection and response (EDR) security products typically installed on a victim's system. | |
| April 04, 2025 | Corporate accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho | PoisonSeed phishing campaign behind emails with wallet seed phrases | Unknown | A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. According to SilentPush, the campaign targets Coinbase and Ledger users using compromised accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho. | |
| April 09, 2025 | Oregon Department of Environmental Quality (DEQ) | Oregon's environmental agency shuts down network after cyber attack | Unknown | A cyber attack forced officials at the Oregon Department of Environmental Quality (DEQ) to shut down the organisation's network. | Source: The Record Media |
| April 21, 2025 | The government of Abilene, Texas | Texas city takes systems offline after cyber attack | Unknown | The government of Abilene, Texas, has shut down some of its systems due to a cyber attack; the outages halted the card payment systems at government offices and forced people to pay with cash or checks. | Source: The Record Media |
| April 21, 2025 | M&S | British retailer M&S confirms being hit by 'cyber incident' amid store delays | Scattered Spider | British retailer Marks and Spencer (M&S) disclosed the cyber incident after its customers complained on social media that various electronic payment systems were not working, including card payments, gift cards and the retailer's Click and Collect service. | Source: The Record Media |
| April 24, 2025 | Aigües de Mataró, a Spanish water supplier | Cyber attack hits drinking water supplier in Spanish town near Barcelona | Unknown | Aigües de Mataró, a Spanish water supplier responsible for both drinking water and sewage systems, announced that its corporate computer systems and website were hit by a cyber attack. | Source: The Record Media |
| April 29, 2025 | Nova Scotia Power and Emera | Nova Scotia energy provider takes some servers offline following cyber incident | Unknown | Nova Scotia Power and its parent company Emera said a cyber attack has affected parts of its Canadian network and servers supporting portions of its business. | Source: The Record Media |
| April 29, 2025 | Ukrainian retailer Epicentr | Ukraine's largest home improvement retailer disrupted by cyber attack | Unknown | Epicentr said a cyber attack disrupted operations at dozens of its stores across the country and crippled key IT systems, including sales registers and logistics services. | Source: The Record Media |
New Ransomware/Malware Discovered in April 2025
| New Ransomware/Malware | Summary |
| --- | --- |
| MOONSHINE and BADBAZAAR spyware | The U.K.'s National Cyber Security Centre and international cybersecurity and intelligence agencies on Wednesday said hackers are deploying two forms of previously identified spyware to snoop on Uyghur, Tibetan and Taiwanese individuals and civil society organisations. |
| ResolverRAT malware | A new remote access trojan (RAT) called 'ResolverRAT' is being used against organisations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. |
Sources for the above table: Bleeping Computer and Recorded Future News
Vulnerabilities Discovered & Patches Released in April 2025
| Date | New Flaws/Fixes | Summary |
| --- | --- | --- |
| April 01, 2025 | CVE-2025-2825 / CVE-2025-31161 | Attackers are targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. The security vulnerability (CVE-2025-2825) was discovered and reported by Outpost24, which tracks it as CVE-2025-31161. |
| April 01, 2025 | CVE-2025-24200, CVE-2025-24201 | Apple has released security updates that backport fixes for vulnerabilities exploited as zero-days to older versions of its operating systems. |
| April 03, 2025 | CVE-2025-30065 | A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. |
| April 03, 2025 | CVE-2025-22457 | Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. |
| April 08, 2025 | CVE-2025-31161 | Federal cybersecurity officials as well as incident responders at cyber companies say hackers are exploiting a vulnerability in the popular file transfer tool CrushFTP. |
| April 08, 2025 | CVE-2025-29824 | Hackers used a recently patched zero-day vulnerability to attack real estate companies in the U.S. and several other organisations in Saudi Arabia, Spain and Venezuela. |
| April 10, 2025 | CVE-2025-3102 | Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. |
| April 16, 2025 | CVE-2025-31200, CVE-2025-31201 | Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones; the two vulnerabilities are in CoreAudio and RPAC. |
| April 17, 2025 | CVE-2021-20035 | CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. |
| April 17, 2025 | CVE-2025-32433 | A critical vulnerability in Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows unauthenticated remote code execution on vulnerable devices. |
| April 18, 2025 | CVE-2025-20236 | Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. |
| April 18, 2025 | CVE-2025-2492 | ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorised execution of functions on the device. |
| April 22, 2025 | CVE-2025-42599 | An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organisations in Japan. |
| April 23, 2025 | CVE-2024-54085 | ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. |
| April 25, 2025 | CVE-2025-31324 | SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. |
Source for the above table: Bleeping Computer
Warnings/Advisories/Reports/Analysis
| News Type | Summary |
| --- | --- |
| Warning | As thousands were laid off from the Department of Health and Human Services during the Trump administration, Congress held a hearing on medical device cybersecurity where experts raised concerns about the ramifications of the firings. |
| Report | The European Commission announced its intention to join the ongoing debate about lawful access to data and end-to-end encryption while unveiling a new internal security strategy aimed at addressing ongoing threats. |
| Report | In a policy statement, the British government set out what its forthcoming Cyber Security and Resilience Bill will include when it is introduced to parliament later this year. |
| Report | A significant spike in scanning activity targeting Palo Alto Networks GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or to a flaw being exploited. |
| Report | Autorité de la concurrence, France's antitrust watchdog, has fined Apple €150 million ($162 million) for using the App Tracking Transparency privacy framework to abuse its dominant market position in mobile app advertising on its devices. |
| Report | Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. |
| Report | The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. |
| Warning | CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organisations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. |
| Report | A Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and recorded videos over the course of a decade of staff pumping breastmilk and breastfeeding, a class-action lawsuit alleges. |
| Report | Hackers are impersonating Ukrainian drone manufacturers and state agencies to infect targeted systems with information-stealing malware, according to new government research. |
| Report | An Australian corporate regulator is pulling the plug on 95 companies registered in the country that are believed to be illegitimate, with many of them having suspected links to online scams. |
| Report | The Cybersecurity and Infrastructure Security Agency is firming up plans to slash staffing and spending amid increased scrutiny from the White House, which is still chafing over what it sees as CISA's role in suppressing conservative viewpoints. |
| Report | Researchers have discovered a novel tactic used by Moroccan cybercrime group Atlas Lion to attack big-box retailers, apparel companies, restaurants and more. The group was observed using stolen credentials to enrol its own virtual machines (VMs) into an organisation's cloud domain, which makes the group's infrastructure appear to be a legitimate part of the company's network. |
| Report | Artificial Intelligence has supercharged an array of tax-season scams this year, with fraudsters using deepfake audio and other techniques to intercept funds and trick taxpayers into sending them financial documents. |
| Report | Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has disclosed that the ransomware attack it suffered just before Black Friday, on November 27, 2024, caused losses estimated at €20 million ($22.8 million). |
| Report | Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' in which the company purchases verified and aged accounts on hacking forums to spy on cybercriminals. |
| Report | Atlassian users experienced degraded performance amid an 'active incident' affecting multiple Jira products. |
| Report | Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. |
| Report | In a keynote address at the Vanderbilt University Summit on Modern Conflict and Emerging Threats, the chair of the House Homeland Security Committee said his panel was prepared to take on pressing cyber policy challenges, like an estimated cyber workforce shortage of 500,000 professionals and burdensome digital compliance. |
| Report | The House Oversight Committee has launched an investigation into the privacy and security risks associated with the bankruptcy of genetic testing company 23andMe and has asked its former CEO to testify at a hearing planned for early May. |
| Warning | CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. |
| Warning | A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behaviour, accessing cookies for domains, and potentially executing remote scripts. |
| Report | China accused three alleged employees of the U.S. National Security Agency of carrying out cyber attacks on the Asian Winter Games in February. |
| Report | The MITRE Corporation said on Tuesday that its stewardship of the CVE program, which catalogues all public cybersecurity vulnerabilities, may be ending this week because the federal government has decided not to renew its contract with the nonprofit. |
| Report | A Chinese state-owned company that was previously sanctioned by the U.S. for facilitating human rights abuses against Uyghurs is now training police officers in Tibet on hacking techniques and digital forensics, according to a watchdog organisation. |
| Report | A British law firm has been fined £60,000 ($80,000) after cybercriminals accessed the company's case management system and published sensitive information on the dark web, something the company only learned about after being contacted by the National Crime Agency. |
| Report | The airport retail company Paradies Shops is close to finalising a $6.9 million settlement to resolve a class-action lawsuit on behalf of employees whose personal information was stolen in a ransomware attack in 2020. |
| Report | The FBI warned that scammers impersonating FBI Internet Crime Complaint Center (IC3) employees offer to "help" fraud victims recover money lost to other scammers. |
| Report | The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. |
| Report | An alleged operator of the SmokeLoader malware is now facing federal hacking charges in Vermont after accusations that he stole personal information on more than 65,000 people. |
| Warning | Japanese regulators published an urgent warning about hundreds of millions of dollars worth of unauthorised trades being conducted on hacked brokerage accounts in the country. |
| Report | A research report said the operators behind the DragonForce and Anubis ransomware-as-a-service schemes are launching new business models to attract affiliates. |
| Warning | South Korea's largest mobile operator, SK Telecom, warned that a malware infection allowed threat actors to access sensitive USIM-related information for customers. |
| Report | Cloudflare and other internet monitoring organisations like NetBlocks have tracked dozens of internet shutdowns or specific website bans globally for years, with multiple throughout 2024 related to contentious elections or military conflict. Some have persisted since they began, including years-long internet throttling in dictatorships like Myanmar. |
| Report | A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. |
| Analysis | According to researchers at Verizon, an examination of thousands of data breaches last year found that ransomware was involved in 44% of incidents. |
| Report | North Korean IT workers illicitly gaining employment at U.S. and European tech companies are increasingly using generative artificial intelligence in a variety of ways to assist them throughout the job application and interview process. |
| Report | The FBI said cybercriminals stole a record $16.6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. |
| Report | In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organisations in the software, IT, finance, and telecommunications sectors in South Korea. |
| Report | A new Android malware has been discovered hidden inside trojanised versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. |
| Report | The French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. |
Sources: Bleeping Computer and Recorded Future News