November 30, 2025

Dark Light

Search

News One Minute Roundup

0

20

Critical Sectors Faced 13 Cyber Attacks per Second in 2023 – January 30th

A Forescout Research – Vedere Labs report disclosed that over 420 million attacks were recorded between January and December 2023 in the medical, power, communications, waste, manufacturing, and transportation equipment sectors, amounting to 13 attacks per second.

Forescout’s report “2023 Global Threat Roundup” states that despite the ongoing surge in cyber attacks, the cybersecurity landscape remains optimistic considering proceedingly enhanced visibility and proactive defense strategies in the affected sectors.

News One Minute Roundup

0

11

Trello Data Breach Exposes 15M Users – January 29th

Initially noted by the ‘Have I Been Pwned?’ breach notification service, user data of 15 million Trello users are now exposed, and peddled on Dark Web hacking forums.

Atlassian, Trello’s parent company commented on the attack, claiming they’ve taken significant steps to prevent such data scraping attacks. They will continue to investigate and mitigate the situation surrounding the cyber attack.

News One Minute Roundup

0

8

Government Vulnerabilities Grow by 151% – January 26th

According to a Bugcrowd report, no other sector saw as much vulnerability growth as the government sector, which saw a 151% surge and a 58% rise in critical vulnerabilities.

Following the government sector were the retail (+34%), corporate services (+20%), and computer software (+12%) sectors.

News One Minute Roundup

0

13

The UK Warns on AI-Generated Malware from Nation-States – January 25th

According to the UK’s National Cyber Security Centre (NCSC), AI-generated malware built to avoid detection could be a serious threat inflicted by nation-state threat actors this year.

The NCSC further stated that based on their investigations, they believe nation-state groups hold repositories of malware large enough to effectively train an AI model to bolster ransomware attack capabilities.

News One Minute Roundup

0

15

26 Billion Stolen Record Database Discovered – January 24th

Security Discovery researchers and the Cybernews team discovered the largest data leak ever recorded, containing 26 billion records predominantly stolen from major social media platforms and government agencies.

Dubbed “The Mother of All Breaches”, the 12 terabytes of compromised records were stolen most notably from Tencent QQ (1.5B), Weibo (504M), MySpace (360M), Twitter (281M), LinkedIn (251M), AdultFriendFinder (220M), among government agency data from the United States, Brazil, Germany, the Philippines, Turkey, among others.

News One Minute Roundup

0

14

Exfiltrated Info Automatically Spread on Discord Bot Channel – January 23rd

On an analysis published by Trellix security researcher Gurumoorthi Ramanathan, the “NS-STEALER” malware distributed via a hidden ZIP file could lead to captured data automatically displayed on the Discord bot channel “EventListener”.

The hidden malware “NS-STEALER” when deployed onto a user’s system, can automatically collect screenshots, cookies, credentials, autofill data, and system information from web browsers.

News One Minute Roundup

0

17

Russia-Backed Hackers Infiltrate Microsoft’s Corporate Email System – January 22nd

Microsoft announced on a blog post that the email intrusion attack began in November 2023 and was discovered on January 12th, 2024. Microsoft deduced that the attack originated from a Russian nation-state hacking group.

The Microsoft blog post stated the attack gained access to a small percentage of Microsoft corporate email accounts, consisting of Microsoft leadership, security, and IT team members. The incident is still under investigation and reported to the SEC, Microsoft vowed to take any further necessary action while being as transparent as possible.

News One Minute Roundup

0

7

Cybersecurity Experts Question ‘Cyber Scam Warning’ Effectiveness – January 19th

The concern of official cyber scam warnings potentially being ineffective was raised by cybersecurity firms, Praxis Labs, eSentire, stemming from Dubai and Ghana cyber and law enforcement agency reports.

After multiple cyber scam warnings issued by the Dubai Police and the Cyber Security Authority of Ghana, reports of victims continuously poured in for these “search engine scams”. Following the incidents, researchers at Praxis Labs and eSentire released statements on human behavior corresponding to cyber, by being on “default mode” and for search engines, the issuance of “implicit trust”.

News One Minute Roundup

0

11

JP Morgan Chase Combats 45 Billion Cyber Attacks Daily – January 18th

On Wednesday, January 17th, JPMorgan Chase’s asset and wealth management division head, Mary Callahan Erdoes, said during the World Economic Forum in Davos that the firm faces a staggering 45 billion breach attempts daily.

Mary explained on a panel session that they have more security engineers than Google and Amazon, out of necessity, as threat actors increasingly get “smarter, savvier, quicker, more devious and mischievous.”

News One Minute Roundup

0

14

CISA and FBI Release IOCs Associated with Androxgh0st Malware – January 17th

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory (CSA) containing the Indicators of Compromise (IOC) associated with the Androxgh0st malware.

The joint CSA also contained the dangerous Androxgh0st malware tactics, techniques, and procedures associated with the malware’s threat actors. The malware establishes a botnet for victim identification, exploits vulnerable networks, targets the theft of sensitive data, and may lead to remote code execution.

News One Minute Roundup

0

12

77% of CEOs Believe AI More Risk Than Reward in Cyber – January 16th

Despite the hype of AI in cybersecurity, a PwC survey revealed that 77% of CEOs still believe AI increases the risk of breaches rather than boosts cybersecurity.

The PwC survey interviewed 4,700 executives globally, the majority of whom are CEOs. The survey also found that 63% of respondents believed AI to be a misinformation risk, causing a barrier for legal and reputational damage stemming from generative AI.

News One Minute Roundup

0

9

Ukrainian Hacks Accounts to Mine $2M in Crypto – January 15th

A now arrested Ukrainian-based hacker infiltrated cloud-computing accounts to create over 1M virtual servers to mine $2M worth of cryptocurrencies, Europol announced.

The Europol investigation shed light on the dangers behind cloud computer hijacking campaigns used for large-scale illicit crypto mining.

News One Minute Roundup

0

17

Microsoft’s GitHub: A Growing Platform for Delivering Malicious Payloads – January 12th

A Recorded Future report discloses that Microsoft-owned GitHub is a growing and lucrative platform for threat actors to effectively deliver malicious payloads by blending the payloads with legitimate traffic.

The open-source data repository platform’s legitimacy is now being leveraged cleverly by threat actors who are “living-off-trusted-sites”. However, the limitations in the site’s file size and storage stopped large-scale payloads used for data exfiltration from being delivered.

News One Minute Roundup

0

9

Ukrainian Hacking Group Dismantles Russian Telco – January 11th

A source informed Reuters that the Ukrainian spy agency-backed “Blackjack” hacking group successfully deleted 20TB of data from M9 Telecom, massively disrupting their operations.

Seemingly coming as a retaliation attack to the “largest telco cyber attack in history” on Ukrainian telco, Kyivstar, the attack on M9 Telecom shut down internet use for thousands in Moscow.

News One Minute Roundup

0

14

SEC X Account Hacked to Push Bitcoin ETFs – January 10th

The Securities and Exchange Commission (SEC) confirmed through a spokesperson and social media announcements that the agency’s X (formerly Twitter) account was compromised to promote Bitcoin ETFs.

Bitcoin’s value spiked to nearly $48k as a result of the false Tweet, despite being taken down just 30 minutes after being published.

News One Minute Roundup

0

9

Turkish Cyber Espionage Group Targeting Dutch Orgs – January 9th

Hunt & Hackett uncovered information on “Sea Turtle”, a Turkish-affiliated cyber espionage group that shifted focus to target Netherlands-based organizations.

“Sea Turtle” was found to launch politically motivated evasive info-stealing campaigns targeting Dutch government, telco, media, and NGO organizations.

News One Minute Roundup

0

9

Cyberattack Shuts Down loanDepot IT Systems – January 8th

In response to complaints regarding its payment portal, loanDepot informed its customers that they fell victim to a cyberattack that shut down its IT systems, disrupting its business operations.

Currently in coordination with law enforcement and forensics experts to further investigate the attack. The attack on loanDepot marks the second major cyberattack on a US mortgage loan provider in the past few months, after the cyberattack on Mr. Cooper.

News One Minute Roundup

0

15

Google to Test Third-Party Cookies Restrictions by End of 2024 – January 5th

As part of Google’s “Privacy Sandbox” initiative, Google Chrome plans to test removing third-party cookies for 1% of its users by the end of 2024.

Going against the pleas of Google-focused advertisers, Google’s move to remove these third-party cookies used to track user data to build targeted advertiser profiles aims to enhance the web browser’s data privacy.

News One Minute Roundup

0

13

CISA Warns Google Chrome Users of Open Source Vulnerabilities – January 4th

In an announcement addressed to US Federal Agencies, the Cybersecurity and Infrastructure Security Agency (CISA) warned Google Chrome users of a vulnerability (CVE-2023-7101) impacting the web browser’s open-source Perl library.

The Google vulnerability affects an open-source project, Google Chromium WebRTC, which as a result allows threat actors to cause browser crashes and launch other actions.

News One Minute Roundup

0

12

$80M in Crypto Stolen from Orbit Chain Cyberattack – January 3rd

Orbit Chain revealed to its users that as a result of a cyber attack, $84.5M worth of Ethereum and DAI (cryptocurrencies) were illicitly transferred to seven wallet addresses on the 1st of January.

Orbit Chain is now coordinating with the Korean National Police Agency and the Korea Internet & Security Agency (KISA) to find the threat actors behind the cyber attacks, and to further protect its customers’ crypto wallets.

News One Minute Roundup

0

17

Researchers Uncover a Tesla Autopilot Exploit – January 2nd

Researchers from the Technische Universität Berlin managed to hack into Tesla’s autopilot system, granting them access to internal hardware and hidden capabilities.

The university’s researchers using inexpensive tools amounting to $600 hacked into Tesla’s ARM64-based circuit board of the car’s autopilot system. The researchers’ hack on Tesla allowed them access to arbitrary code, user data, cryptographic keys, system parts, a deleted GPS coordinates video, and the hidden “Elon-mode” allowing the cars to have a fully hands-free self-driving feature.

News One Minute Roundup

0

12

Cyberattack Halts Albanian Parliament Data System – December 29th

Albania’s Parliament announced it was hit by a cyberattack targeting its data system, resulting in halting the Parliament’s services.

The Albanian Parliament assured that although disrupted, the data was not encrypted by the threat actors and that their services would go back online soon.

News One Minute Roundup

0

14

H2 2023 Dominated by AI Malicious Activity and Android Spyware Threats – December 28th

According to an ESET report, the threat landscape of the second half of 2023 was dominated by AI-generated malicious activity and newly emerged Android spyware.

Coming from ESET’s “Threat Report: H2 2023,” based on the firm’s recorded incidents, the report also states that a new economy has arisen from OpenAI API keys, especially for cybercriminals.

News One Minute Roundup

0

13

62% of Top Ransomware Groups Activated Remote Attacks in 2023 – December 27th

According to Sophos’ latest report, 62% of the most active ransomware groups in the world deliberately enable remote encryption for their attacks.

Sophos’ report entitled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle,” gathered the data based on Sophos’ detected and halted ransomware attacks in 2023. The report further stated that remote encryption is used as a tactic for effective, widespread ransomware attacks within organizations, aiming to steal as much sensitive information as possible.

News One Minute Roundup

0

13

‘GTA V’ Source Code Leaked on Telegram Channel – December 26th

Links to Rockstar Games’ ‘GTA V’ source code were posted on a Telegram group, later posted on Discord servers and a dark web site.

The Rockstar Games leak ensued a year after threat actor group, Lapsus$ claimed a cyberattack on the gaming giant. Lapsus$ hacker, Arion Kurtaj is the suspected source of the video game’s code distribution.

News One Minute Roundup

0

10

November’s Ransomware Leak Victims Reach Record High – December 25th

A record-high 484 ransomware victims were posted on publicly available sites in November 2023, according to a Corvus Insurance report.

The spike in ransomware victims’ information being leaked reflects a 39.08% increase compared to October 2023 and a staggering 110.43% increase compared to November 2022.

News One Minute Roundup

0

10

US White House Issues Executive Order to Improve Nation’s Cybersecurity – December 22nd

On December 21st, the U.S. White House issued Executive Order (EO) 14028, “Executive Order on Improving the Nation’s Cybersecurity,” which emphasized modernizing cybersecurity infrastructure by coding in more secure ways.

A more detailed excerpt from the Executive Order stated; “Software engineers, developers, and coders must build secure code and security controls into the code they create. They need to make security by design and security by default software-design requirements.”

News One Minute Roundup

0

12

3,500 Cybercriminals Arrested by Law Enforcement – December 21st

Over 3,500 cybercriminals were arrested and $300M worth of assets were seized by Europol, the South Korean government, along with cooperation from law enforcement agencies from 34 countries on a large-scale sting operation labeled “HAECHI IV”.

The operation spanning from July to December 2023, targeted predominantly email, e-commerce, and investment cyber fraudsters.

News One Minute Roundup

0

12

Financial Sector Sees Most Cyberattacks in 2023 – December 20th

Based on a Netwrix survey, the financial sector in 2023 experienced the most cyberattacks among any other sector in 2023.

Surveying 1,610 IT and security professionals from more than 100 countries, the survey also revealed phishing and malware to be the most common attacks across all sectors.

News One Minute Roundup

0

13

‘Predatory Sparrow’ Cyberattack Shuts Down 70% of Iran’s Gas Stations – December 19th

Threat actor group Gonjeshke Darande, which translates to “Predatory Sparrow” claimed the cyberattacks against Iranian petrol stations, rail networks, and steel factories, according to Iranian State Media.

‘Predatory Sparrow’, speculated to be linked to Israel, explains the attack to be in response to “the aggression of the Islamic Republic and its proxies in the region”.

News One Minute Roundup

0

17

MongoDB’s Data Breach Confirmed – December 18th

MongoDB revealed a data breach exposing customer metadata and sensitive information in an email announcement to their customers.

The email, alerting MongoDB’s customers of the cyberattack, also informed customers to be aware of heightened phishing email risk due to the data breach, and to set up multi-factor authentication for their accounts as a phishing safety measure.

News One Minute Roundup

0

15

Newsquest Media Group Discloses Cyberattack – December 15th

The UK’s Newsquest Media Group reported a cyberattack that disrupted the company’s websites and apps to the UK National Cyber Security Centre (NCSC) on Monday, December 11th.

The UK media company with over 250 local news sites’ stated that the series of Distributed Denial-of-Service (DDoS) attacks disrupted the reading experience of an estimated 48 million monthly readers.

News One Minute Roundup

0

9

The UK is at ‘High Risk’ of Ransomware Attacks – December 14th

The Joint Committee on National Security Strategy (JCNSS) published a report “A hostage to fortune: ransomware and UK National Security,” which revealed the UK’s lack of planning against ransomware attacks.

Targeted mainly at the critical cyber infrastructure of the UK government, the JCNSS report warns that a severe attack could disrupt the core of government services, healthcare, and child protection, which could lead to bringing the country to a ‘standstill’.

News One Minute Roundup

0

11

Ukraine’s Largest Telecom Crippled by Russian Cyberattack – December 13th

Kyivstar, Ukraine’s largest telecom provider announced it was hit by a devastating cyberattack, disrupting internet access for over 26 million users.

Kyivstar’s parent company, VEON Ltd confirmed the devastating cyberattack, claiming it to be “one of the largest cyberattacks in the history of the global telecom market.”

News One Minute Roundup

0

7

Fraudulent LinkedIn Profiles Targeting Saudi Workers for Corporate Data Leaks – December 12th

Revealed in a presentation at last month’s Black Hat Middle East and Africa conference, was a corporate information leak tactic targeting Saudi Arabian workers using fraudulent LinkedIn profiles.

The LinkedIn attacks start with fraudulent accounts pretending to be Muslim women in their 20s who say they work in Southeast Asia. Once the connection is made, attempts to harvest sensitive corporate information through long, seemingly legitimate professional conversations ensue.

News One Minute Roundup

0

7

AutoSpill Attack May Lead to Stolen Android Credentials – December 11th

Researchers from the International Institute of Information Technology (IIIT) presented a new attack named ‘AutoSpill’ that enables attackers to steal account credentials on Android devices via an autofill operation, during the Black Hat Europe security conference.

IIIT researchers pinpointed WebView, the Android feature used to open external links through an internal browser view as the starting point of the security flaw, leaving autofilled usernames and passwords vulnerable.

News One Minute Roundup

0

10

Russian Campaign Targeting UK Politics Exposed – December 8th

The National Cyber Security Centre (NCSC) in collaboration with partners from the US, Australia, Canada, and New Zealand revealed the Russian-state-backed threat actors terrorizing UK political systems.

The NCSC identified the group ‘Star Blizzard’ to be a subordinate to Centre 18 from the Russian Federal Security Service (FSB). Star Blizzard targeted UK parliamentarians, UK-US trade documents, UK think tanks, universities, journalists, and NGOs using various sophisticated phishing tactics.

News One Minute Roundup

0

13

LockBit Keeps Role as Biggest Global Ransomware Threat in 2023 – December 7th

According to a report by ZeroFox, LockBit was involved in more than a quarter of global ransomware and digital extortion (R&DE) attacks in 2023.

The report found 30% of LockBit’s attacks target Europe and 25% in North America. Despite remaining the global leader in ransomware, ZeroFox notes there to be a downward trajectory in the number of LockBit’s attacks compared to 2022.

News One Minute Roundup

0

13

New Sophisticated Attacks Demonstrated by Disney+ Impersonators – December 6th

Abnormal Security published a study revealing a Disney+ impersonation attack, demonstrating never-before-seen phishing tactics.

The cybercriminals initiated the impersonation attack through an auto-generated notification email, about pending charges for their Disney+ subscription. The emails also demonstrated customized PDFs, with legitimate numbers & emails, inflated charges, and believable branding.

1
2
3
4
5