Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” ” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data.

Hacking 118

Hacking Healthcare Backups Ransomware 118

Security Affairs

MAY 12, 2025

Threat actors use fake AI tools to trick users into installing the information stealer Noodlophile, Morphisec researchers warn. The report includes Indicators of Compromise (IOCs) for this campaign Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,fake AI tools)

Malware 113

Malware Media Cybercrime Scams 113

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” and its allies for hacking activities in July.

Hacking 133

Hacking Internet Internet Malware 133

Security Affairs

JANUARY 25, 2025

To confirm their findings, the researchers reached out to their friend and asked if they could hack her car. Additionally, attackers could secretly obtain personal information such as the victims name, phone number, email, and physical address. Admin panel access exposed vehicle data (e.g., name, ZIP, phone, email, billing details).

Hacking 128

Hacking Accountability Passwords Authentication 128

Security Affairs

APRIL 10, 2025

No OCI service has been interrupted or compromised in any way,” Last week, Oracle confirmed a data breach and started informing customers while downplaying the impact of the incident. The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack.

Hacking 122

Hacking Data breaches Encryption Passwords 122

Security Affairs

JANUARY 23, 2025

is end-of-life and no longer receives security updates, for this reason, these instances are exposed to hack. The advisory details hacking activities exploiting the mentioned vulnerabilities. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,CISA)

Hacking 119

Hacking Government Cybersecurity Information Security 119

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, REvil ransomware gang )

Ransomware 143

Ransomware Hacking Malware Cybercrime 143

Security Affairs

NOVEMBER 2, 2024

A former Disney World employee hacked servers after being fired, altering prices, adding profanities, and mislabeling allergy info. A former Walt Disney World employee hacked servers after being fired by the company. He is accused of changing prices, adding profanities, and falsely labeling items as allergy-safe.

Hacking 141

Hacking Risk Cybercrime Information Security 141

Security Affairs

NOVEMBER 9, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Mazda Connect) . “The CMU can then be compromised and “enhanced” to, for example, attempt to compromise any connected device in targeted attacks that can result in DoS, bricking, ransomware, safety compromise, etc.”

Hacking 132

Hacking Firmware Software Manufacturing 132

Security Affairs

FEBRUARY 2, 2025

The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted them of a possible compromise of their devices. WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.

Spyware 111

Spyware Hacking Surveillance Malware 111

Security Affairs

MARCH 24, 2025

The breach was detected in February , leading to notifications to the FBI, Virginia State Police, and the Virginia Information Technologies Agency. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, ransomware) Chief Deputy AG Steven Popps called it a sophisticated attack.

Ransomware 105

Ransomware Hacking Social Engineering VPN 105

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. million records containing employee data on the hacking forum BreachForums.

Data breaches 128

Data breaches Hacking Ransomware Technology 128

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen data online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A.

Data breaches 130

Data breaches Financial Services Hacking Mobile 130

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. Recently, many cybercriminals have been creating profiles shortly before sharing information about hacks, attacks, or data leaks in France.” Free S.A.S.

Cyber Attacks 128

Cyber Attacks Telecommunications Data breaches Banking 128

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The cyber spies stole information belonging to targeted individuals that was subject to U.S.

Mobile 115

Mobile Telecommunications Data breaches Hacking 115

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. This included working on malware that was still in development, and looking for information on potential targets.” ” continues the report.

Malware 138

Malware Social Engineering Engineering Hacking 138

Security Affairs

APRIL 7, 2025

These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,EDR-as-a-Service)

Cybercrime 140

Cybercrime Social Engineering Accountability Government 140

Security Affairs

MAY 18, 2025

“That effectively means there is a built-in way to physically destroy the grid,” an anonymous informer told Reuters The rogue devices’ existence is newly revealed, with no public US government acknowledgment. The US grid was successfully hacked in November by hackers belonging to foreign governments.

Energy and Utilities 145

Energy and Utilities Manufacturing Government Hacking 145

Security Affairs

FEBRUARY 25, 2025

” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers. ” said U.S.

Telecommunications 103

Telecommunications Software Technology Healthcare 103

Security Affairs

APRIL 9, 2025

The confidentiality and integrity of the OCCs information security systems are paramount to fulfilling its mission, said Acting Comptroller of the Currency Rodney E. security team the day before had notified OCC about unusual network behavior, according to the draft letter.” The review process is still ongoing. OCC on Feb.

Accountability 126

Accountability Banking Information Security Hacking 126

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) million in revenue.

Cybercrime 133

Cybercrime Cryptocurrency Banking Accountability 133

Security Affairs

MAY 20, 2025

In April, SK Telecom reported that threat actors gained access to USIM-related information for customers following a malware attack. Upon discovering the infection, the company promptly reported it to the Korea Internet & Security Agency (KISA) on Sunday, April 20, sanitized the impacted systems, and isolated the suspected hacking device.

Malware 108

Malware Mobile Data breaches Wireless 108

Security Affairs

DECEMBER 8, 2024

The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. ” reads the notice of security incident shared with the Maine Attorney General.

Data breaches 119

Data breaches Insurance Healthcare Ransomware 119

Security Affairs

JUNE 4, 2025

Luxury-goods conglomerate Cartier disclosed a data breach that exposed customer information after a cyberattack. Cartier has disclosed a data breach following a cyberattack that compromised its systems, exposing customers’ personal information. The incident comes amid a wave of cyberattacks targeting luxury fashion brands.

Data breaches 100

Data breaches Cyber Attacks Manufacturing Banking 100

Security Affairs

MAY 17, 2025

Access to personal or official accounts operated by US officials could be used to target other government officials, or their associates and contacts, by using trusted contact information they obtain.” Use a secret word with family to confirm identities and stay secure. ” reads the alert issued by the FBI.

Government 125

Government Social Engineering Authentication Accountability 125

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. Internet Archive Zendesk emails sent by the threat actor Source: BleepingComputer The message highlights a poor security posture by the Internet Archive.

Internet 130

Internet Internet Data breaches Authentication 130

Security Affairs

DECEMBER 21, 2024

” Recently, The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,botnet)

Firmware 143

Firmware Malware Internet Internet 143

Security Affairs

APRIL 13, 2025

. “During the half-day meeting in Geneva, Wang Lei, a top cyber official with Chinas Ministry of Foreign Affairs, indicated that the infrastructure hacks resulted from the U.S.s “Wang or the other Chinese officials didnt directly state that China was responsible for the hacking, the U.S. ” states the WSJ.

Hacking 131

Hacking Manufacturing Education Government 131

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. Then the man conducted Business Email Compromise (BEC) attacks by changing the information related to wire payments. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, phishing scams)

Scams 127

Scams Phishing Identity Theft Accountability 127

Security Affairs

NOVEMBER 6, 2024

Security researcher Rick de Jager demonstrated the vulner ability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest. Midnight Blue took 3rd at Pwn2Own Ireland 2024 , the team demonstrated five zero-day flaws in routers, printers, security cameras, and NAS devices.

Firmware 127

Firmware Manufacturing Hacking Media 127

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware)

Ransomware 122

Ransomware Encryption Technology Cybersecurity 122

Security Affairs

MARCH 4, 2025

HGFS information-disclosure vulnerability: the vulnerability is an information disclosurevulnerability that impacts VMware ESXi, Workstation, and Fusion. The virtualization giant confirmed that it has information to suggest that exploitation of the three flaws has occurred in the wild. CVE-2025-22226 (CVSS score of 7.1)

Hacking 116

Hacking Information Security 116

Security Affairs

MAY 25, 2025

Coordination by Eurojust ensured that authorities were able to exchange information and align their investigative efforts.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Operation ENDGAME) ” Authorities also seized 3.5M

Ransomware 127

Ransomware Cybercrime Malware Cryptocurrency 127

Security Affairs

JANUARY 15, 2025

At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation: Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted.”

VPN 133

VPN Passwords Firewall Firmware 133

Security Affairs

MARCH 8, 2025

A data breach suffered by the Japanese telecom giant NTT exposed information of nearly 18,000 corporate customers. Japanese telecom giant NTT suffered a data breach that exposed information of nearly 18,000 corporate customers. Please note that information about services for individual customers was not included.”

Data breaches 118

Data breaches Mobile Hacking Malware 118

Security Affairs

MAY 13, 2025

The systems that companies use in the defense sector may also hold classified information. Such information will be of interest to foreign intelligence agencies, nation-state actors, and advanced espionage groups, especially during local conflicts and ongoing wars.

Ransomware 115

Ransomware Cyber Attacks Risk Hacking 115

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. from fake websites (phishing sites) disguised as websites of real securities companies.” from fake websites (phishing sites) disguised as websites of real securities companies.”

Financial Services 122

Financial Services Passwords Accountability Antivirus 122