Major Cyber Attacks, Ransomware Attacks and Data Breaches of June 2025

Date: 1 July 2025


United Natural Foods, North Face, Cartier, Zoom Car, Episource, WestJet, The Washington Post. What do they have in common? Very little except that all of them fell victim to cyber crime or its damaging effects in June 2025. 

From unauthorised access to internal systems to major disruptions in operations and order fulfilment, the impact of the cyber incidents has been as damaging as ever. In many cases, millions of customer and employee accounts have been breached, exposing sensitive customer information.

The writing on the wall is clear. Preparedness against cyber crime and building cyber resilience is an urgent priority for every business in the next six months of 2025. 

If you want your organisation to stand a chance against the devastating consequences of a cyber attack, you need to invest in more than just technology. The real differentiator lies in having a comprehensive Cyber Incident Response Plan backed by robust training. It's a business imperative now to proactively prepare through regular cyber tabletop exercises that simulate real-world attack scenarios. Stress-test your response capabilities across departments and rehearse these responses regularly.

Only those organisations that combine the right tools with the right people, processes and preparation will be able to protect their brand, retain customer trust, and stay operational in the face of growing cyber threats.

  1. Ransomware Attacks in June 2025
  2. Data Breaches in June 2025 
  3. Cyber Attacks in June 2025
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in June 2025

 

Ransomware Attacks in June 2025

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

June 01, 2025

Durant (OK), Lorain County (OH), and Puerto Rico’s Justice Department

Thousands impacted by cyber attacks on governments in Ohio, Oklahoma, Puerto Rico

RansomHub (Apparently)

Ransomware attacks—likely linked to the RansomHub gang—have disrupted critical services for thousands across Durant (OK), Lorain County (OH), and Puerto Rico’s Justice Department, crippling courts, communications, and digital services as officials scramble to restore operations.

Source: The Record

June 04, 2025

Lee Enterprises 

Newspaper giant Lee Enterprises says nearly 40,000 Social Security numbers leaked in ransomware attack

Qilin Ransomware

A ransomware attack by Qilin on newspaper giant Lee Enterprises exposed nearly 40,000 Social Security numbers, disrupted publishing operations nationwide, and caused $2 million in recovery costs along with significant revenue losses.

Source: The Record 

June 05, 2025

Kettering Health

Kettering Health confirms attack by Interlock ransomware group as health record system is restored

Interlock

Ohio’s Kettering Health confirmed a ransomware attack by the Interlock gang that disrupted internal systems, phone lines, and electronic health records across 14 hospitals, forcing procedure cancellations and ambulance diversions, with data including financial records reportedly stolen.

Source: The Record

June 06, 2025

Optima Tax Relief 

Tax resolution firm Optima Tax Relief hit by ransomware, data leaked

Chaos Ransomware

U.S. tax resolution firm Optima Tax Relief was hit by a double-extortion Chaos ransomware attack—resulting in 69 GB of sensitive corporate and client data, including tax documents, being stolen, encrypted, and leaked online by the threat actors.

Source: Bleeping Computer

June 09, 2025

Sensata Technologies

Sensata Technologies says personal data stolen by ransomware gang

Unknown

A ransomware attack in early April by an unknown threat group infiltrated Sensata Technologies’ network (March 28–April 6), encrypting systems and stealing personal and sensitive data—including SSNs, driver’s licenses, financial and medical information—for over 15,000 employees and dependents, now prompting identity monitoring offers.

Source: Bleeping Computer 

June 10, 2025

South Korea's major ticketing platform Yes24

Ransomware attack on ticketing platform upends South Korean entertainment industry

Unknown

A ransomware attack by an unknown threat actor on South Korea's major ticketing platform Yes24 has disrupted online bookings, e-book access, and community forums for over four days, forcing cancellations and postponements of K-pop concerts and musicals, triggering a privacy investigation over potential customer data breaches, and echoing similar high-impact attacks on U.S. ticketing platforms like StubHub and Ticketmaster.

Source: The Record 


 

Data Breaches in June 2025

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

June 02, 2025

North Face

Nearly 3,000 North Face website customer accounts breached as retail incidents continue

Scattered Spider

A credential stuffing attack on The North Face exposed sensitive customer data—including names, addresses, and purchase history—of nearly 3,000 users, as part of a broader campaign likely linked to the Scattered Spider ransomware group.

North Face Data Breached 

June 02, 2025

Cartier

Cartier discloses data breach amid fashion brand cyber attacks

Scattered Spider

Luxury brand Cartier has disclosed a data breach in which hackers accessed and stole limited customer information after compromising its systems.

Cartier Data Breach 

June 09, 2025

Texas and Illinois state agencies, TxDOT

Nearly 300,000 crash records stolen from Texas transportation department

Unknown

Texas and Illinois state agencies warned that hackers—unnamed but believed to be organised cyber criminals—compromised a TxDOT account to download nearly 300,000 crash reports containing personal and licensing information, while a phishing campaign against Illinois HFS employees exposed the sensitive data (SSNs, IDs, financial details) of 933 individuals.

Source: The Record

June 12, 2025

Aflac

Aflac says it stopped attack launched by ‘sophisticated cyber crime group’

Scattered Spider (apparently)

Aflac disclosed that on June 12 it was hit by a sophisticated social-engineering attack—likely the work of the Scattered Spider cyber crime group—that may have exposed Social Security numbers, health records, claims data, and personal information before the intrusion was swiftly contained.

Source: The Record

June 16, 2025

Zoom Car

8.4 million people affected by data breach at Indian car share company Zoomcar

Unknown

Zoomcar revealed that hackers accessed personal data—including names, phone numbers, addresses, email addresses, and car registration numbers—belonging to approximately 8.4 million users (detected June 9), though no threat actor has been publicly identified and there's no evidence financial or password details were stolen.

Source: The Record 

June 16, 2025

Email hosting provider Cock.li

Hacker steals 1 million Cock.li user records in webmail data breach

Unknown

A hacker exploited a Roundcube webmail vulnerability to steal over 1 million Cock.li user records—exposing email metadata and around 93,000 contact entries, though passwords and email contents remain safe—but the specific threat actor remains unidentified.

Source: Bleeping Computer 

June 17, 2025

Episource

More than 5 million affected by data breach at healthcare tech firm Episource

Unknown

Episource, a healthcare tech provider, suffered a cyber attack from late January to early February that exposed sensitive personal and medical data—including SSNs, insurance IDs, diagnoses, test results, and more—of over 5.4 million individuals, though no threat actor has yet claimed responsibility.

Source: The Record

June 17, 2025

Scania

Scania confirms insurance claim data breach in extortion attempt

Hensi hacker

Scania’s insurance claims portal was breached in late May using stolen third-party credentials, resulting in the theft and dark‑web sale of thousands of claim documents by an extortionist calling themselves “hensi,” though the fallout appears limited so far.

Source: Bleeping Computer 

June 17, 2025

SaaS provider Episource

Healthcare SaaS firm says data breach impacts 5.4 million patients

Unknown

A ransomware-driven breach at healthcare SaaS provider Episource between January 27–February 6 exfiltrated sensitive personal and medical data for approximately 5.4 million U.S. patients—though the attacker remains unidentified and data misuse has not been detected.

Source: Bleeping Computer  

June 20, 2025

Viasat

Telecom giant Viasat breached by China's Salt Typhoon hackers

Salt Typhoon

Viasat, a major satellite communications provider, was breached by China's state-linked Salt Typhoon hacking group—allowing them unauthorised access via a compromised device, though no customer impact was detected and the incident has since been remediated.

Source: Bleeping Computer 

June 21, 2025

Oxford City Council

Oxford City Council suffers breach exposing two decades of data

Unknown

Oxford City Council suffered a cyber breach in early June that exposed personal data of current and former council officers from as far back as 2001 to 2022 and disrupted ICT services—though no threat actor has yet been identified.

Source: Bleeping Computer 

June 22, 2025

McLaren Health Care

Data of more than 740,000 stolen in ransomware attack on Michigan hospital network

International ransomware gang linked to INC group 

McLaren Health Care revealed that an international ransomware gang (linked to the INC group) infiltrated its systems between July 17 and August 3, 2024, stealing Social Security numbers, driver’s license details, medical records, and insurance information for 743,131 individuals—leading to system outages, canceled procedures, and provision of credit monitoring services.

Source: The Record

June 22, 2025

Nucor

Steel giant Nucor confirms hackers stole data in recent breach

Unknown

Nucor, North America’s largest steelmaker, confirmed that cyber attackers breached its network in June—temporarily halting production at multiple facilities, stealing corporate data, and triggering an SEC filing—though the perpetrators remain unidentified.

Source: Bleeping Computer  

June 22, 2025

McLaren Health Care (and Karmanos Cancer Institute)

McLaren Health Care says data breach impacts 743,000 patients

INC ransomware

A July 2024 ransomware attack by the INC gang on McLaren Health Care (and Karmanos Cancer Institute) exposed personal and health data of about 743,000 patients, disrupted IT and phone systems across its 14‑hospital network, and prompted delayed notification after nine months.

Source: Bleeping Computer 

June 26, 2025

Ahold Delhaize

Retail giant Ahold Delhaize says data breach affects 2.2 million people

INC Ransom

A ransomware attack in November targeted Ahold Delhaize’s U.S. systems, exposing sensitive personal, financial, and health data of approximately 2.2 million individuals—INC Ransom was believed to be behind the breach and had posted samples of the stolen files.

Source: Bleeping Computer 



 

Cyber Attacks in June 2025

Date

Victim

Summary

Threat Actor

Business Impact

Source Link 

June 5, 2025 

United Natural Foods

Major food wholesaler says cyber attack impacting distribution systems

Unknown

United Natural Foods disclosed a cyber attack that forced systems offline, disrupting operations and order fulfillment, with ongoing business impacts and recovery efforts underway.

Source: The Record

June 07, 2025

Gluestack's NPM package

Malware found in NPM packages with 1 million weekly downloads

Unknown

A supply chain attack compromised Gluestack's popular NPM packages—collectively downloaded 960,000 times weekly—potentially exposing countless developers to malicious code.

Source: Bleeping Computer 

June 09, 2025

SentinelOne

SentinelOne shares new details on China-linked breach attempt

APT41

A China-linked APT41 group deployed ShadowPad via a supply‑chain attack on SentinelOne’s IT logistics partner in early 2025—while also conducting reconnaissance (PurpleHaze) of SentinelOne servers—to install backdoors and exfiltrate data, though no direct breach of SentinelOne itself was found.

Source: Bleeping Computer 

June 13, 2025

Thomasville, North Carolina, and Georgia’s Ogeechee Judicial Circuit District Attorney’s Office, with Thomasville’s city systems 

Government offices in North Carolina, Georgia disrupted by cyber attacks

Unknown

Cyber attacks disrupted operations in Thomasville, North Carolina, and Georgia’s Ogeechee Judicial Circuit District Attorney’s Office, with Thomasville’s city systems taken offline and the DA’s office—covering four counties—suffering phone and internet outages, court closures, and limited staff capabilities; while no data compromise has been confirmed, Georgia officials admitted prior delays in implementing a backup system, though recent cybersecurity upgrades helped mitigate catastrophic data loss.

Source: The Record  

June 14, 2025

WestJet

WestJet investigates cyber attack disrupting internal systems

Unknown

WestJet suffered a cyber attack that disrupted access to its mobile app, website, and select internal systems—though flight operations remained unaffected—as the airline investigates the scope and works with law enforcement; the threat actor remains unidentified and no direct claim has been made.

Source: Bleeping Computer 

June 15, 2025

The Washington Post

The Washington Post's email system hacked, journalists' accounts compromised

Unknown

Journalists at The Washington Post had their Microsoft-based email accounts compromised in a targeted cyber attack—believed to be state‑sponsored—giving intruders access to sensitive internal communications, though overall systems and customer data were not affected.

Source: Bleeping Computer 

June 17, 2025

Iran’s Bank Sepah

Pro-Israel hackers claim breach of Iranian bank amid military escalation

Predatory Sparrow

Pro-Israel hacking group Predatory Sparrow, allegedly linked to Israeli military intelligence, claimed a cyber attack on Iran’s Bank Sepah—disrupting banking services, ATM withdrawals, card payments, and possibly fuel transactions—as retaliation for the bank's alleged role in funding Iran’s military and nuclear programs, amid escalating Israel-Iran tensions.

Source: The Record

June 18, 2025

Iran’s Nobitex exchange

Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto

Predatory Sparrow (aka Gonjeshke Darande)

A pro-Israel hacktivist group known as Predatory Sparrow (aka Gonjeshke Darande) stole and “burned” over $90 million in cryptocurrency from Iran’s Nobitex exchange on June 18, 2025—destroying the funds by sending them to unusable “vanity” wallets in a politically motivated cyber attack.

Source: Bleeping Computer 

June 19, 2025

Glasgow City Council and CGI

Glasgow City Council impacted by ‘cyber incident’

Unknown

Glasgow City Council and its ICT provider CGI confirmed that a cyber attack disrupted multiple online services (from planning forms to bin schedules), forced affected servers offline, and may have resulted in the theft of customer data.

Source: The Record

June 19, 2025

Hawaiian Airlines

Hawaiian Airlines discloses cyber attack, flights not affected

Unknown

Hawaiian Airlines experienced a cyber attack that disrupted access to some internal IT systems—though flights remained on schedule—and while the nature (e.g., ransomware) is unclear, no threat actors have claimed responsibility.

Source: Bleeping Computer 

 


 

New Ransomware/Malware Discovered in June 2025

New Ransomware

Summary

Acreed malware

According to a report, a newly emerged malware called Acreed is gaining ground in the Russian cyber criminal market and is expected to become the go-to infostealer for hackers, following the recent takedown of Lumma stealer.

DarkGaboon (hacking group)

DarkGaboon, a financially driven cyber crime group active since 2023, has been independently targeting Russian organisations across multiple sectors using phishing emails and leaked LockBit 3.0 ransomware, according to Positive Technologies.

SuperCard — a malicious variant of the NFCGate tool

Russian cybersecurity firm F6 reported the first local attacks using SuperCard — a malicious variant of the NFCGate tool — which steals bank data via NFC on infected Android devices, marking a shift to commercialised malware-as-a-service operations with global targeting and causing $5.5 million in losses and over 175,000 infections in Russia alone.


Sources for the above table: Bleeping Computer and Recorded Future News


Vulnerabilities Discovered & Patches Released in June 2025

Date

New Flaws/Fixes

Summary

June 02, 2025

CVE-2025-21479, CVE-2025-21480, CVE-2025-27038

Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks. 

June 02, 2025

CVE-2025-5419

Google has issued an emergency security update to patch CVE-2025-5419, the third zero-day vulnerability in Chrome exploited in attacks since the beginning of the year.

June 03, 2025

CVE-2025-3935

CISA has warned U.S. federal agencies of active exploitation of a recently patched ScreenConnect flaw and four other vulnerabilities, including CVE-2025-3935, affecting ASUS routers and the Craft CMS.

June 03, 2025

CVE-2025-37093

HPE has warned of eight vulnerabilities—including the critical CVE-2025-37093—affecting all StoreOnce versions before v4.3.11, urging users to upgrade to the latest release.

June 08, 2025

CVE-2024-3721

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. 

June 09, 2025

CVE-2025-49113

Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit.

June 10, 2025

CVE-2025-33053

Microsoft’s June 2025 Patch Tuesday addressed 66 security flaws—including one actively exploited WebDAV zero‑day leveraged by APT‑style attackers and another publicly disclosed SMB flaw—to close remote‑code execution and privilege‑escalation gaps. Another report says that Stealth Falcon hackers exploited a Windows WebDAV zero-day (CVE-2025-33053) to deliver custom malware in targeted attacks, primarily against Middle Eastern government and defence entities.

June 11, 2025

CVE‑2025‑32711

A critical “EchoLeak” zero‑click flaw (CVE‑2025‑32711) in Microsoft 365 Copilot could have silently exfiltrated sensitive corporate data via a malicious email prompt injection—though Microsoft patched it server-side in May before any known exploitation.

June 13, 2025

CVE‑2024‑57727

CISA has issued an advisory warning that ransomware actors have been exploiting CVE‑2024‑57727, a path‑traversal flaw in unpatched SimpleHelp RMM software, to breach a utility billing provider and launch double‑extortion attacks.

June 15, 2025

CVE-2025-4123

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. 

June 16, 2025

CVE‑2025‑3464 

A critical flaw in ASUS Armoury Crate’s kernel driver allowed local attackers—once on a system—to elevate to SYSTEM privileges and potentially take full control of Windows machines.

June 18, 2025

CVE-2025-5309

BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers.

June 21, 2025

CVE-2025-4322

Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site. 

June 23, 2025

CVE-2023-20198

The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. 

June 25, 2025

CVE-2025-6543

Citrix warned that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition.

June 26, 2025

CVE-2025-20281, CVE-2025-20282

Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). 

June 26, 2025

CVE-2024-51978

A critical flaw (CVE-2024-51978) affected 742 printer models from Brother, Fujifilm, Toshiba, and Konica Minolta, allowing remote attackers to generate default admin passwords—with no firmware fix possible for existing devices.

Source for the above table: Bleeping Computer, Recorded Future 


Warnings/Advisories/Reports/Analysis

News Type

Summary

Report

According to a recent report, a little-known hacking group, Black Owl, has emerged as a major threat to Russian state institutions and critical industries. The group is reportedly carrying out cyber attacks intended to cause maximum disruption while also seeking financial gain.

Warning

Google warned that a cyber criminal operation known as “The Com” is tricking companies into giving them widespread access to a popular Salesforce tool, allowing them to steal sensitive data and move through other parts of the organisations.

Report

According to newly released FBI data, the Play ransomware gang has targeted over 900 organisations since its emergence in 2022, establishing itself as one of the most dangerous active cyber crime groups.

Report

Scammers used phishing to steal £47 million by posing as taxpayers and targeting 100,000 HMRC accounts in a rebate fraud—though no customer funds were lost, arrests were made, and HMRC clarified it was not a cyber or hacking attack like recent ones on major retailers.

Report

A newly released report reveals that a cyberespionage group suspected of links to Iran, known as BladedFeline—a likely subgroup of OilRig—has been targeting Kurdish and Iraqi government officials in a prolonged spying campaign, according to cybersecurity firm ESET.

Report 

A report said that the "Russian Market" cyber crime marketplace has become a leading hub for trading credentials stolen through information-stealing malware.

Report

Arkana Security briefly relisted over 569 GB of Ticketmaster data—originally stolen in Snowflake breaches tied to ShinyHunters in 2024—for sale again over the weekend, reigniting concerns about widespread exposure of customer ticketing and personal information.

Report 

AI is being called a “data‑breach time‑bomb” after a Varonis report found that 99% of organisations expose sensitive information across clouds, apps, and AI copilots—making a single prompt capable of leaking critical data.

Report 

A recent Coinbase data breach was linked to India-based TaskUs support staff who were bribed by threat actors to leak user data, with two employees admitting to the scheme after one was caught photographing her screen.

Report 

Google's Threat Intelligence Group has linked voice phishing attacks by hackers posing as ShinyHunters to attempts at stealing data from Salesforce platforms by tricking employees into using a tampered Data Loader tool.

Report 

OpenAI dismantled multiple ChatGPT accounts linked to state-backed hackers and disinformation campaigns from countries including China, Russia, North Korea, Iran, and the Philippines, citing misuse for malware development, influence operations, and employment scams.

Report

The NHS is urgently calling for 1 million blood donors as stocks remain critically low due to last year’s ransomware attack on Synnovis by the Qilin group, which disrupted pathology services and led to overuse of O-type blood, while over 900,000 patients' sensitive medical data remains compromised and many still await breach notification.

Report

Kazakhstan has arrested over 140 individuals, including business owners and Telegram channel admins, for allegedly selling citizens’ personal data from government databases, with some of the stolen info shared with debt collectors and over 400 devices seized in the crackdown.

Report

A massive Google Cloud outage on June 12 disrupted core services—API management failures caused widespread outages across Gmail, Drive, Cloudflare-integrated services, and other critical platforms for over three hours before recovery.

Report

Victoria’s Secret has fully restored its critical systems and e-commerce platform following a May 24 cyber attack that forced a three-day shutdown—though it continues to assess financial impacts and incurred remediation costs.



Report

The hacker group Rare Werewolf has targeted hundreds of devices in Russia, Belarus, and Kazakhstan—mainly in industrial firms and engineering schools—using phishing emails to deploy XMRig cryptomining malware via malicious attachments, Kaspersky reports.

Report

Cyber crime group FIN6 (aka Skeleton Spider) is impersonating job seekers on LinkedIn and Indeed to trick recruiters into opening phishing emails containing the MoreEggs backdoor, marking a shift from their usual payment card and PoS data theft operations, according to DomainTools.

Warning

Google has warned that the Scattered Spider hacking collective (aka UNC3944) is now targeting U.S. insurance companies—using sophisticated social‑engineering techniques on help desks and call centers to breach sensitive corporate systems.

Report

Singapore led a multinational law enforcement operation across seven Asian jurisdictions—including Hong Kong, South Korea, Malaysia, the Maldives, Thailand, and Macao—that investigated 33,900 suspects tied to over 9,200 scams (including investment fraud, fake job sites, and pig butchering), arrested more than 1,800 individuals, froze 32,000 scam-linked bank accounts, and seized $20 million, in response to an estimated $225 million in total victim losses.

Report

Belarusian hacktivists known as the Cyber Partisans publicly taunted Kaspersky—mocking the firm's detailed report on their cyber attacks by suggesting it was merely a self-serving defence of its outdated security tools—asserting they remain undeterred and even grateful for the unintended attention.

Report

A Fog ransomware attack on an Asian financial institution stood out due to the unusual use of legitimate employee monitoring software (Syteca) and rare pentesting tools (like GC2), raising concerns that the operation may have been a front for espionage rather than a typical ransomware campaign.

Report

In a court filing, privacy ombudsman Neil Richards urged that bankrupt genomics firm 23andMe should have obtained separate and affirmative consent from customers before selling their sensitive genetic data — a move prompted by consumer concerns, spikes in deletion requests following a 2023 hack and the company's March bankruptcy, and criticism from lawmakers, as 23andMe’s prior privacy updates were deemed unclear and possibly conflicting with its public assurances.

Report

The UK’s Information Commissioner fined genetic testing firm 23andMe £2.31 million for “profoundly damaging” security failures that exposed sensitive genetic, health, and personal data of over 150,000 UK users during a 2023 credential-stuffing breach.

Warning

Google warned that the notorious Scattered Spider (aka UNC3944) hacker group—recently linked to major retail breaches—has now shifted its focus to the insurance sector in the U.S., targeting help desks and call centers with sophisticated social‑engineering attacks to infiltrate networks and access sensitive customer data.

Report

Radware reported that the pro-Cambodian hacktivist group AnonsecKh (aka Bl4ckCyb3r) launched at least 73 DDoS and defacement attacks on Thai government and private-sector websites following a border skirmish on May 28, intensifying operations amid rising military tensions.

Report

Krispy Kreme confirmed that a November 2024 cyber attack—claimed by the Play ransomware gang—compromised the personal data of around 161,676 people (predominantly employees and family members), including SSNs, driver’s licenses, payment details, health and biometric records, disrupted online ordering, and led to over $11 million in losses.

Report

Researchers from Recorded Future and Resecurity discovered that threat actor Brigada Cyber PMC used the Redline infostealer to hack a Paraguayan government official’s device, leading to the leak of personal data belonging to 7.4 million citizens on dark web forums.

Report

North Korea’s BlueNoroff APT (aka TA444) used deepfake videos of company executives during fake Zoom calls in June 2025 to trick employees into installing custom macOS malware aimed at cryptocurrency theft.

Report

Cloudflare mitigated a record-breaking 7.3 Tbps DDoS attack in mid-May that flooded a hosting provider with 37.4 TB of data in just 45 seconds, using a global, automated defence system to block traffic from over 122,000 IPs across 161 countries.

Report

A recent “16 billion credentials” leak isn’t a fresh breach but a massive compilation of old passwords stolen over years via infostealer malware and credential-stuffing attacks—simply repackaged and briefly exposed online.

Report

Another report on the Synnovis data breach said that the ransomware attack by the Qilin group on Synnovis in June 2023 disrupted blood testing across London hospitals, contributing to a patient’s death and exposing sensitive medical data of over 900,000 individuals, according to the NHS. 

Report

A British hacker known as “IntelBroker” (Kai West) has been charged in the U.S. for breaching dozens of global companies—stealing and selling sensitive data, inflicting over $25 million in damages, and trafficking stolen information via BreachForums.

Warning

The U.S. Department of Homeland Security has issued a National Terrorism Advisory warning that Iran-backed cyber threat actors and pro‑Iranian hacktivists are likely to ramp up low-level cyber attacks targeting poorly secured U.S. networks, internet-connected devices, and critical infrastructure amid the current Israel–Iran conflict.

Report

The U.S. House of Representatives has officially banned WhatsApp on all government-issued devices—citing it as a "high-risk" app due to unclear data protection, lack of stored-data encryption, and other security vulnerabilities.

Report

Hackers have been abusing ConnectWise ScreenConnect’s trusted installer by tampering with its Authenticode signature—injecting malicious settings that convert it into signed remote access malware for stealthy initial access.

Report

A new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect developers' devices with infostealers and backdoors.

Report

American grocery giant United Natural Foods (UNFI) reported that it has restored its core systems and brought online the electronic ordering and invoicing systems affected by a cyberattack.

Report

Hackers associated with "Scattered Spider" tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors.

Sources: Bleeping Computer, Recorded Future News, BloombergLaw, Databreaches.net
